B2B and B2C Premium Services and Devices
This market roughly comprises cryptophones, highest-privacy multi-persona mobile devices and mobile device management (MDM) services, and “secure” mobile messaging apps.
CivicPod and CivicPhone let their users access single- or dual-persona, mobile and desktop, ultra-private web, email and SMS/text/chat communication platforms – anytime and anywhere – alongside whatever commercial phone platform (iOS, Android, etc.) or desktop PC platform (Mac, Windows, etc.) they use for ordinary computing.
This user experience and feature set are somewhat similar to those of competing products and services – offered or recently announced by independent providers or by mobile operators (which mostly rebrand third-party solutions, or enhance them with internal or third-party technology) – that claim to offer more or less the same features with mid to very high or highest levels of privacy and security:
- Multi-persona mobile devices (such as Samsung Knox, VMware Horizon Mobile, Simko, General Dynamics) [1], and/or related
- Mobile Device Management (MDM) solutions (AirWatch/VMware, MobileIron, Good Technology)
- MDM + Multi-persona Device Solutions (Samsung Knox MDM, etc.)
- Cryptophones (such as GSMK Cryptophone, Blackphone, Thales Teopad, Bull’s Hoox m2, etc.), either P2P or with centralized key escrow.
- Mobile apps for private or ultra-private social or business text, voice and/or image sharing: Telegram, Whisper Systems’ (owned by Twitter since 2011) RedPhone and TextSecure, Snapchat, Skype, BlackBerry’s cross-platform BBM, Silent Circle’s SilentPhone and SilentText, etc. Such solutions are also resold and co-branded by mobile operators.
- Mobile operator offerings: Vodafone Secure Call app (Secusmart app and G&D SIM card), KPN Silent Circle and Blackphone, Deutsche Telekom Simko (based on Trust2Core), Telefonica Dual Persona Service (based on VMware).
Recent revelations about the automated and semi-automated surveillance technologies, capabilities and budgets possessed by extremely well-funded state and non-state actors since 2008 – and in particular the vulnerabilities they had devised, purchased or discovered (as of 2008!) in server-side systems, Internet traffic nodes, end-user devices and Internet security standards – have dramatically lowered the reasonable expectation of the risk (of discovery, and of losing plausible deniability) and cost (per person per unit of time) that such actors incur when continuously and remotely abusing the privacy of any given individual by remotely exploiting his or her end-user device(s). Furthermore, such capabilities are available not only to those actors, but also to many other public or private entities with even moderate skills, resources and/or privileged access – such as contractors, staff, rogue admins, crackers, and entities connected to them – which may have come to know publicly, discovered, purchased or independently developed knowledge of such vulnerabilities and of the means to exploit them.
“There is a reason why BlackBerrys and iPhones aren’t allowed in the White House situation room,” Obama said, adding a reminder that the U.S. government doesn’t consider them safe from snooping by foreign governments. Snowden, during his March 2014 testimony to a dedicated EU Parliament committee: “I am telling you that without getting out of my chair, I could have read the private communications of any member of this committee, as well as any ordinary citizen. I swear under penalty of perjury that this is true.” Snowden in a recent interview: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.” Bruce Schneier, arguably the world’s most highly regarded IT security expert, recently said: “I assume that all big companies are now in cahoots with the NSA, cannot be trusted, are lying to us constantly. You cannot trust any company that makes any claims of the security of their products. Not one cloud provider, not one software provider, not one hardware manufacturer.”
The above-mentioned competitor solutions and services incorporate technologies and processes that have one or more of the design flaws described below – in the device, on the server side and/or in the overall organizational processes – most of which are crucial and can completely compromise the user’s privacy without the user knowing about it.
Hacking a cloud service is more practical, but going after a copy of the data on the user’s device at large scale – for thousands or millions of users [2] – is also very easy and cheap for a large number of private and public criminal entities. Although compromising server-side systems still involves much less cost and risk than compromising end-user devices, recent news and the opinions of world experts have highlighted how substantial or total compromise of PCs and smartphones, even high-security commercial or “military-grade” solutions, involves much lower, or very much lower, risk and cost per person than was originally thought. Recent news about how the NSA can spy on data and voice on almost all Android, iOS and BlackBerry smartphones suggests that both the risk of being discovered and the cost per person per minute of interception are very low.
Tools are available, such as the NSA’s FoxAcid [3], that enable the fully automated or semi-automated exploitation of end-user devices and the efficient management of exploited devices in bulk. The Italian company Hacking Team claims, and is widely regarded, to be able to exploit and manage up to hundreds of thousands of compromised mobile devices. Through illegal access or purchase, such software tools may be available even to many entities that are not well funded. An iPhone apparently could be compromised over the network, without physical access, back in 2007 [4].
End-user device security and server/cloud security and privacy are thoroughly linked, unless a pure P2P solution that includes the OS and hardware is in place. In fact, most business solutions involve one or more providers that store your sensitive end-device data both on your device and in a cloud (and/or manage the encryption of your device’s data backup on your cloud or PC, as Apple does), so the distinction makes no difference.
Furthermore, the Snowden revelations on FoxAcid and similar programs mostly go back to 2008. Since then, the NSA and many large zero-day exploit companies [5] (such as Vupen) have most likely continued investing large parts of their budgets ($56BN for the NSA, over a hundred million dollars for other private and public entities) in automating remote targeted surveillance and reducing its cost and risk (of discovery, and of losing plausible deniability). Given the current backlash, with many large private companies encrypting their data links and tightening access to their databases, it is likely that the share of those budgets dedicated to such automated, targeted end-point surveillance technologies will grow very substantially in the coming years.
Bruce Schneier, arguably the world’s most renowned security expert, told NBC that even a perfect, NSA-proof messaging, email or cloud service would still leave users vulnerable through their own mobile devices.
A few such vulnerabilities actually come to light, such as those in Samsung Knox [6], and many more do not: it is, in fact, contrary to the interest of most exploiters that such vulnerabilities become publicly known, since otherwise the users of such systems may stop using them to communicate valuable sensitive information. The above-mentioned solutions are vulnerable to the continuous, low-cost and low-risk abuse described above because they do not properly address the need to extend security analysis and open, very extensive verification to the level of the OS/hypervisor, the firmware (including BIOS and microcode), and the manufacturing oversight of critical hardware parts.
In more detail, the above-mentioned competitor solutions and services – as opposed to UVST – incorporate one or more crucial design flaws. Most of these flaws gravely expose the user to very cheap, low-risk, continuous, automated or semi-automated abuse of their privacy without their knowing about it. Such flaws lie in the end-user device, the server-side equipment and/or the organizational processes at all stages, and may concern software, hardware and firmware (hardware-level software).
The main crucial technological or organizational-process design flaws are one or more of the following:
- They assume trust in one or more technology providers or people involved in architecting, developing, manufacturing, provisioning, verifying, shipping, authenticating, updating and/or administering the end-to-end service, the server-side-only service or the device.
- Their software code and/or hardware designs are not open to full independent review by anyone, or such review is limited to selected entities, such as high-level government-appointed experts or high-security certification authorities that use untrusted US standards and whose primary business is connected to US military agencies.
- Even if fully and independently verifiable by anyone, they:
- do not ensure that the actual software, protocols, hardware and procedures running “at any given time” at the end-points (devices, servers and onion-routing nodes) – from the (re)design phase to the manufacturing processes of core hardware components – match what is stated by the provider, allowed by applicable local (non-secret) laws and constitutions, and available for review by independent experts, and whose security, privacy and authentication levels have been openly developed and very extensively assessed (through paid, award-based and volunteer work) by independent top security experts, and especially by the world’s brightest ethical hackers and crackers.
- do not ensure that an adequate level of verification is actually performed by paid, volunteer or bounty-based verifiers.
- include far too many lines of software code, often written in languages that are hard to verify, to permit a thorough security analysis, even with extremely large budgets and/or volunteer (benign or malicious) verification/hacking activities. Also, software code or code development from too many companies and developers is often involved, each bringing its own risks.
- are not architected and developed through a completely open public process with extensive participation by top world security experts and by ethical and unethical hackers.
- do not offer access to a sufficiently secure and/or performant onion-routing infrastructure for metadata privacy, especially for voice communications.
- sync sensitive data between the dedicated device and a server-side service that does not offer a similar level of privacy and/or security, allowing in some cases the weakest link in the chain to compromise the overall security of the storage/backup of sensitive data, of software updates, of logs and/or of encryption keys.
- In addition to the above-mentioned crucial flaws, they include one or more of the following crucial flaws at specific levels of the technology stack:
- OS/kernel level. Both commercial operating systems and even most high-security versions of them – except for very few extremely hardened, stripped-down and openly verified microkernels (such as Trust2Core) – are continuously subject to very critical flaws that become publicly known only many years later. In fact, huge security holes were present for 9 years (!) [7] in the Linux operating system, and for many months in Apple iOS [8], that completely compromised the encryption of all or many apps running on those OSs.
- Hardware physical level. [9][10] During the manufacturing process, they may be subject to one or more of the following alterations with respect to the stated (and independently verified) designs of the hardware and of the manufacturing process and materials [11], each of which may enable complete remote snooping on or control of the device:
- Certain critical physical parts and production steps, such as wafer printing and processor manufacturing
- Software deeply embedded in hardware components during manufacturing
- Software used to translate the original designs into code for the manufacturing machines, which may have flaws
- Chemical components (such as dopants) used on and around critical physical components.
- Hypervisor level (i.e. a master OS/kernel used to run two separate OSs concurrently on one device: a personal and a business one, or a secure and an insecure one). Hypervisors may be subject to various vulnerabilities because the secure and the insecure OS share the same memory and other hardware components. They may also lack a hardware switch that prevents a rogue app from faking the switch between one OS and the other. And even where they are small, open and extensively verified (such as Trust2Core), they still rely on hardware, processor microcode and/or BIOS that are not verifiable in their design and/or manufacturing.
- Mobile application level. Apps are exposed to all the vulnerabilities mentioned above for the lower levels of the technology stack, such as the OS, the hypervisor (when applicable), the firmware and the hardware, since each of those vulnerabilities can allow an abuser to read, or even modify, data, including supposedly erased data. [12] It is just a matter of time before the actual (versus claimed) privacy level of emerging (Telegram) and entrenched (BBM) supposedly “ultra-private” and/or “ephemeral” social and/or business messaging services – which rely merely on an app installed on a mobile device (or even on a dedicated secure SIM card) – becomes widely known or heavily questioned by tens or hundreds of millions of users, and they end up like Snapchat [13], with such users either going back to mainstream, ordinary, non-private solutions (like WhatsApp) or else moving on to cheap, friendly, but truly private and hardware-based solutions like UVST. Demand for user-friendly, portable and cheap solutions like ours will go through the roof in both social and business scenarios, from the moderately to the most privacy-conscious.
UVST therefore competes effectively with such solutions because it fills those gaps and: (A) offers much higher – as well as user-verifiable and extensively top-expert-verified – levels of security, authentication and privacy at a much lower cost; and (B) offers many features that they don’t, such as high portability, desktop use, always-on e-ink second-screen functionality, and more.
The largest social network, Facebook, has started embedding such services in its newest services, like Instagram, and plans to include them extensively in key upcoming services [14]. Zuckerberg recently declared: “I don’t know if the balance has swung too far, but I definitely think we’re at the point where we don’t need to keep on only doing real identity things. If you’re always under the pressure of real identity, I think that is somewhat of a burden.” It was only in 2011 that Randi Zuckerberg, Chief Marketing Officer of Facebook, declared that anonymity should go away, implying it should be made illegal [15].
The recently fastest-growing social network, Snapchat, along with a few others [16], has tried to provide privacy, anonymity or pseudonymity as its key and unique competitive advantage, encountering substantial difficulties, and achieving valuations of $3-4BN in fall 2013 (when both Google and Facebook bid for it). Subsequently, though, huge security flaws were first reported by newspapers and security experts, and then put into practice by hackers exposing the data of millions of users, which destroyed such valuations [17]. After the company fixed that vulnerability, a 16-year-old found ways to compromise it again [18]. That is in addition to the extensive abuse that may have happened unreported, both on the server side and through automated attacks on the client side, which, as we have learned, are widely possible for actors in the know about (older) NSA techniques.
Pavel Durov, the founder, creator and still major shareholder of the largest social network in Europe, the Russian VKontakte, with over 85M active users, has repeatedly offered Edward Snowden a job at his new social network startup, Telegram, in order to make it the first social network in the world resistant to the most powerful abuses of privacy and security. The service aims to compete with the likes of WhatsApp on the grounds that it is “secure end-to-end” and that it self-destructs. “The first thing that we wanted to make clear is that nobody has to trust anybody. We don’t take people’s trust for Telegram for granted,” Pavel Durov declared. Despite such claims, not even their code or protocol details are available for independent review, so their service is very far from meeting their claims and current post-Snowden standards. It is late-February 2014 news that Telegram (founded by the founder of the EU’s second-largest social network) has surpassed the daily downloads (5M/day) of WhatsApp, which was just bought by Facebook for $19BN, arguably because of its unique value proposition, centered completely on being the most private solution, by applying at the application level the same “trustless” [19] security paradigm that we apply in UVST to all the software, hardware and processes involved at the end-points of service provisioning.
The emergence of such breaches in social networks, and of the vulnerabilities that came to light following the NSA revelations, has spurred several countries to evaluate new legislation to prevent them which, when and if enacted, would create a huge demand for highest-privacy server-side AND end-to-end solutions among both users and Internet service providers, which may become liable for very large damages in case of a breach of their users’ privacy.
[1] Such as: http://www.engadget.com/2013/02/25/general-dynamics-locks-down-android/
[12] The security expert Schneier told NBC, in regard to “secure” mobile apps: “It works well. If you have good operational security, you’re fine. But between the theory and the reality, it’s harder. It doesn’t matter how good your encryption is if I put a Trojan on your computer.”
[19] “The first thing that we wanted to make clear is that nobody has to trust anybody. We don’t take people’s trust for Telegram for granted,” Pavel Durov, Telegram and VKontakte founder, declared.