Securing data with unique keys
Over the past year or so, the security capabilities of Android phones have come under the microscope. Hackers have been targeting specific vulnerabilities in the OS with specially designed malicious software, such as the Geinimi malware and the Fusob ransomware.
Until now, Android security focused on the user downloading antivirus apps. That didn’t always work, however. Now, phone makers are using the hardware-based encryption that comes with the newer line-up of chips to lock data with unique keys that can only be unlocked after verifying the original user’s credentials.
This goes further than the two-factor authentication, such as fingerprint sensors, now common in most phones. To protect against malware attacks and prevent data interception, measures such as software data encryption and hardware-based security mechanisms are being integrated into the new hardware that is making its way into phones now.
Indian smartphone maker Micromax’s Dual 5 (Rs24,999) smartphone, for instance, deploys an independent security chip that encrypts passwords and fingerprints and stores them at the hardware level. Micromax claims it matches the military-grade EAL 5+ security standard. Also, the phone allows the user to store sensitive apps in a SecureVault app that can be accessed only by a secondary fingerprint (different from the one used to unlock the phone). This app is basically a secondary interface hidden on the same phone; apps in the secondary interface will not be visible in the main interface.
The Dual 5 will also know if the SIM card is removed from the device and will prompt the user to log in immediately to verify that the change was made by the authentic user, failing which all the keys will be disabled and the phone will reset itself.
Samsung’s forthcoming Galaxy S8 (starting from $720, or Rs46,800) will feature an upgraded version of Knox, its military-grade security tool. Perhaps inspired by Fort Knox in Kentucky, US, this is a multilayered solution that also works on most Galaxy smartphones and the Gear S3 smartwatch. It takes advantage of a modern-day ARM processor architecture called TrustZone, which works with a hardware-based encryption feature called TIMA KeyStore. The solution checks for any potential changes to the software code that malicious apps tend to execute, and blocks them. It can encrypt sensitive data, keeping it separate from the casual data and apps.
BlackBerry’s Android phones have security tools integrated in the hardware itself, and the company’s next phone, KeyOne (€599, or Rs41,475), will not slacken on the security aspect. The first layer of defence comes from Hardware Root of Trust, which is basically a set of security keys built into the processor. These security keys are meant to carry out a specific set of functions, such as tracking, verifying and maintaining the integrity of the device. The second layer of security is the FIPS 140-2 compliant Full Disk Encryption, ensuring that even if you lose the device, personal data such as photos, banking details and emails will remain secure. The third layer of security comes from the DTEK security app, which constantly monitors your Android OS and apps and will warn users if apps behave suspiciously or try to change any privacy or access settings. Finally, there is the Factory Reset Protection option, which, if activated, ensures that your phone cannot be used if stolen, unless you re-enable it by verifying your Google credentials.
Swiss security company Silent Circle’s second smartphone, Blackphone 2 (around $800), protects a user’s communication such as voice calls, text messages and video chats by sending them through Silent Circle’s encrypted virtual private network (VPN). The Blackphone 2 also uses a specially designed Qualcomm 615 chip, and runs the SilentOS software that can be split virtually into multiple compartments. Users can keep their sensitive information in the secure compartment and the regular stuff in the other compartment.
Developed by Israeli company Sirin Labs, the Solarin smartphone ($13,800) uses security company KoolSpan’s chip-level 256-bit AES encryption technology and Zimperium’s mobile threat protection suite. KoolSpan’s standard is also used by military agencies globally. The phone’s chip has more than 2,500 components that can protect it against any form of cyber-attack, data interception and device breach. In case you are wondering about the surprisingly high price tag of the Solarin smartphone, it uses titanium and diamond components for the chassis.