Posted on

Time to choose your favourites!

Someone recently asked me how to add favourites in Armour Mobile.  It reminded me that actually, not everyone does use consumer apps, so to ensure that anyone and everyone really can get to grips with Armour Mobile, we’ve developed a library of video clip tutorials to help our users get the most out of the product. The videos guide users through the various tasks and features in the latest version of Armour Mobile for both iOS and Android platforms. 

Each clip runs for between 30 seconds and a minute, so it doesn’t take long to get your users trained up.   Topics include:

  • Message Burn
  • Conference Calls
  • Group Messaging
  • File and Photo Attachments
  • Settings and Biometrics
  • Activation via Deep Link
  • Activation with QR with Password
  • Activation with QR without Password
  • Importing Contacts and Final Setup
  • Ringtones
  • Adding Favourite Contacts
  •  

Contact your account manager today to get links to the videos for iOS and/or Android and see for yourself how easy to use Armour Mobile can be.

Posted on

Armed Services Covenant – we’ve signed!

Armed Forces Covenant Logo

Armour Comms recently signed up for the Armed Services Covenant (www.armedforcescovenant.gov.uk) and it was one of the easiest decisions, as a company, we’ve ever made.  The covenant is a pledge that together all those that have signed it, acknowledge and understand that those who serve and have served in the armed forces, should be treated with fairness and respect in the communities, economy and society that they serve, sometimes with their lives.

Those that have signed the covenant, which include government, the individual services (RAF, Army, Navy), businesses of all sizes, charities, communities and cadet forces aim to go out of their way to help and support serving and retired personnel and their families.  It is something that we are happy to do, in fact, we are proud to treat all of our staff with as much flexibility and compassion as we can.  As a SME, it’s an obvious way for us to retain good, talented people.

Armed forces veterans have a lot of skills that are highly transferable to civilian life, particularly for a company like Armour.  Early next year we will be actively looking to recruit and ex-servicemen and women are strongly urged to apply.

We have two roles in particular that could suit a veteran.  A pre-sales role where technology knowledge and the ability to explain how our products work to potential customers would suit someone with a good level of presentations skills and confidence.  We will also be looking for people to install our technology at client sites, which will require customer service skills and technical and practical skills.

If you are looking ahead to 2020 for your next challenge, why not contact us now?

sales@armourcomms.com

Posted on

If there’s more to security than encryption – what else do you need?

We live in an age where we use our personal smartphones not just for messaging or social media, but potentially for business communications, emails, sensitive documents, banking and as an electronic wallet. Findings from a report[i] that analysed mobile phone thefts for England and Wales back in 2016, revealed that 446,000 mobile phones were stolen in a 12-month period. That is equivalent to 1,222 phones taken each day, and it’s only going to get worse!

When we lose our phones it’s not just the inconvenience and the cost of the handset to take into consideration, it’s the loss of control over our information, both personal and business data. Most smartphones are remarkably easy to access, should a phone fall into the wrong hands. The first defence should be a device password, however according to figures from the crime survey, only 53%[ii] of users have a pin code protecting their device and an awful lot of PIN codes use birth years or other easily guessable numbers such as 1234 [ref: http://www.datagenetics.com/blog/september32012/index.html].

Device Encryption – How good is your password?

Encryption on the device, otherwise known as encryption at rest, protects contacts, messages and confidential documents within an app. If the phone is lost or stolen, the finder or thief can’t read the data on the device without also having the user’s passcode or biometric fingerprint.

However, there is so much more to security than just encryption. For instance, the National Cyber Security Centre (NCSC) recently published its first UK Cyber Survey[iii] which reported that breach analysis found 23.2 million victim accounts worldwide used 123456 as a password. Encouraging users to make good password choices is a vital part of protecting business data, and it doesn’t stop there.

Jailbreaking and App Permissions

With a jailbroken iPhone, it is possible to install apps and tweaks that aren’t authorized by Apple. However, by doing this it also removes the tough security protections that Apple has built into iOS. Keep in mind that not all apps are created equal; some may be harnessing malware that can snoop on users by stealthily hijacking the microphone to record conversations. Jailbreaking is very risky and exposes the phone to malware as it completely removes the protection that Apple built into both iOS and the iTunes App Store. It undermines the phone by fundamentally changing the whole operating system. However, a user can cause just as many problems by installing apps that request a swathe of unnecessary permissions, allowing access to location, audio, files, contacts, etc. that the app doesn’t need, but for commercial or malicious purposes reports back to the app vendor.

Secured communications end-to-end

If data isn’t encrypted, anyone who happens across a phone can get at the files within pretty easily; with encryption added, accessing the same data becomes more difficult. Because cracking encryption is so difficult, it is rarely the attack vector – there are so many easier options, as we’ve just discussed.

Armour’s on-premises solution allows for encryption key generation and management to be controlled within your own premises, allowing administrators to decide on how long a user’s key is valid. Armour also provides the flexibility to have the on-premises solution deployed within the local infrastructure or to the cloud. This provides organisations with the option to host key generation and user data in a secure location, with the internet facing services either in the cloud or in an organisation’s external-facing server zone.

With Armour solutions all user information, including names and numbers are kept private. All data is encrypted within the infrastructure, including signalling (which is the process used to set up the call or message). All messages are encrypted, so they are protected while awaiting forwarding to the recipient (if they are temporarily offline).

Group messaging – are your lists protected?

Armour Mobile Group Messaging provides all of the functionality seen in consumer-grade messaging apps but with enhanced security. With commercial offerings such as WhatsApp, users are part of a global contact list and potentially could be contacted by anyone. Armour Group messaging is a closed user group and only those you add to the system can call and message others. Users can be removed and added to the group as appropriate (whether their phone gets lost or they simply leave the organisation).

The solution enables users to create groups from their Armour Mobile contacts list via a simple process. Once a message is shared, the app confirms the message is sent, and who has received it, listing exceptions (i.e. those that have not received the message because they are offline). Group Messaging also enables voice memos, pictures, video clips, documents and other file attachments to be sent to a group instantly and securely, enabling broader collaboration and communication across organisations.

The security delivered by closed messaging virtually eradicates the risk of opportunistic phishing and fake URLs attacks as messages are confined to within the nominated group of users and Armour’s cryptography includes built-in authentication.

Information Governance

With Armour on-premises, all data can be stored in a known location (e.g. the UK), supporting compliance with the General Data Protection Regulation (GDPR) by controlling exactly where personal data is being stored and processed.

The on-premises solution delivers functionality to audit the system; identifying users and calling and messaging records.  The solution also offers the ability to review even the contents of the call or message itself, if needed for legal or regulatory purposes, without compromising the security of the communications between the users.

Additionally, Armour on-premises offers added security to all meta data, a topic we wrote about in this blog (What does your smart phone say about you?). The solution ensures the meta data is kept private, under the control of the organisation and inaccessible to another party. 

Protecting your device and your identity

Encrypted devices don’t just secure our data, with the amount of personal and business information stored on our devices today, good device encryption protects our identity.

Even if a thief can’t access a bank account via mobile banking, they could use other information on your phone to perpetrate identity theft and fraud. With many of us using budgeting and expense-tracking apps, these contain sensitive information about spending habits, which thieves can use to avoid raising red flags with a bank or credit card company. By developing good cyber habits to protect sensitive, private and business communications, users are also actively safeguarding their identity and are less likely to be a victim of identity theft, financial fraud or phishing scams.

Cyber crime is sharply increasing and attacks are growing more sophisticated. It is no longer international governments that should be concerned about lost or stolen devices, with confidential business dealings and commercially valuable information stored on smart phones and laptops, organisations should be assessing the risk and acting.

Armour’s solutions for secure communications work on everyday smartphones, tablets and Windows 10 desktops. With the same usability as consumer-grade apps, but with significantly enhanced security it could be the answer to your security needs. Contact us today to discuss a solution.

[i] ONS Gov Crime Survey England & Wales

[ii] Home Office: Reducing mobile phone theft report

[iii] NCSC UK Cyber Survey 2019

Posted on

GDPR fines – mobile losses could be next for Finance Sector

Finance Sector

Over a year since the implementation of GDPR regulations, and the ICO has started handing out fines for infringements. The finance sector is well used to dealing with regulation (pardon the pun), however mobile devices often go under the radar. While some unsecured voice calls on mobiles can be recorded via the usual VoIP phone systems, it is information exchanged using messaging apps that is of particular concern.  You may think that these so-called ‘secure’ messaging apps are secure because they are encrypted, but as we have documented in this blog on various occasions, there is a lot more to security than simply encryption.

Worryingly, in the past couple of months it has been stated that ‘almost half of the cyber-security incidents reported in the UK during the past year were caused by internal errors, where employees failed to follow security protocol or data protection policies.’ Furthermore, 70 percent of financial companies faced a cyber-security incident, and the number of attacks are increasing year on year.  Details here: https://www.scmagazineuk.com/70-uk-financial-companies-report-hit-cyber-incidents-blame-internal-error/article/1594018

How secure are attachments?

Only recently, research from Symantec found flaws in Android that allowed so-called media file jacking, where malicious attackers are able to manipulate and modify media files such as commercial documents, photos and recordings in WhatsApp and Telegram based on the users’ settings.

As well as the integrity of files, another issue to keep in mind, is where your data is being stored when you use mobile comms apps.  There is currently a high profile lawsuit being filed against Apple, claiming that iCloud storage is actually, in some instances, farmed out to other suppliers such as Amazon Web Services and Google. See: https://www.theregister.co.uk/2019/08/14/apple_cloud_confusing/

Sharing your contacts with the world

As well as knowing where your data is being stored, it is vital to keep control of your contact lists. Some consumer grade apps, such as WhatsApp, automatically upload all of your native contacts to the WhatsApp/Facebook server when you install the app, so that it can cross reference your contacts and enable you to call them using the app. While this might appear to be user-friendly in our social lives, in a corporate environment it is very different. If you use a corporate device in this scenario, you are effectively sharing other people’s personal details, without their permission.  This would be a contravention of GDPR, which could open up the business to potential fines of 4% of global turnover.  A heavy price to pay for simply using a ‘free’ app – not quite so free after all!

Fully Auditable mobile comms

While these consumer grade apps are encrypted end-to-end which provides some level of security for the contents of messages and attachments, that also means that the system doesn’t provide any capability to manage organisational and/or regulatory compliance. In essence, there is no audit facility for any of the communications that take place.  Whether you’re a CISO who needs to ensure your staff are adhering to FCA policies, or a financial advisor who needs to prove what guidance you gave to a high value client, the lack of an audit capability for your communications system is a major issue.  And as previous mentioned, you have no control over where your data is held, so the case against consumer apps quickly stacks up.

With an enterprise-grade, certified mobile comms app you get the very best of all worlds:

  • An easy to use product with all the functionality of a consumer-grade app
  • Complete control of your meta data
  • Complete control of your contacts lists
  • Attachments that are stored securely
  • Audit functionality – for reviewing all communications including voice calls
  • GDPR compliance

 

Contact us today for more details.

Posted on

View from DSEI

It’s not just hardware that keeps us safe!

Once again we are at DSEI, where the defence industry meets and greets every two years. It’s always an eye-opener to wander around the exhibition halls, see the latest helicopters, armoured vehicles, protective clothing, and this year the new Tempest. People were queuing up to sit in the pilot’s seat and see for themselves its impressive heads up cockpit display that provides a huge amount of information easily digestible even while manoeuvring at high speed. Indeed, it seems we are only a small step away from the Firefox (early 80s movie starring Clint Eastwood, based on the novel by Craig Thomas), where the pilot flew the aircraft by plugging himself in. This week alone there were two articles in the Economist about AI and its role on the battlefield.

The rise of cyber warfare

All this serves to remind us, just how important data has become, not just in defence but in everyday life. Earlier this week we heard reports that policing is becoming more difficult because crime is changing. There are now many more fraud cases where victims are duped online, identities stolen, hacking, phishing and cyber attacks are rife. Social media is now being used by all manner of groups including nation states and freedom fighters/terrorists who use it to spread propaganda and fake news that can potentially affect the outcome of elections. The same techniques can persuade a city under siege to lay down its arms, or fans to buy the latest Taylor Swift album.

Is data the last frontier?

The huge importance of data and online technology is reflected at DSEI with the cyber security section growing ever larger each time we exhibit. While we don’t have large, intimidating hardware to show off, we’ve been getting a lot of interest because everyone can relate to the horror of having your personal, private or company confidential communications hacked. From soldiers on a tour to duty, to journalists in an unfriendly regime, to government officials discussing matters of state or business people sharing intellectual property, we all have information that we would rather did not end up with our competitors, or made public. In some cases this could impact national security.

Free apps – You’re the product!

In a world defined by an always on culture dominated by online interactions and global networks, it is still possible to keep control of your personal and business information. You can stay ‘under the radar’ but not by using free services. The old adage, that if it’s free, then you are the product, is never more true than with social media platforms and the various tools that those platforms own and control.

If you’d rather keep your communications private, contact us now to discuss how. sales@armourcomms.com

Posted on

QuoStar safeguards communications and prevents hostile interception of sensitive IP with Armour Mobile

QuoStar

 “Armour Mobile was the standout solution for its superior functionality, use and ease of deployment. The client’s communications are now secure and the cost savings from no longer requiring hand delivery of documents has been immediate and substantial.”

  • Simon Gadsby, Chief Operating Officer, QuoStar

 

QuoStar is an IT support and consultancy provider that specialises in businesses going through growth and change. When one of its international clients reported that it was experiencing network traffic interception from global threat actors,the team at QuoStar set about finding a solution to secure telecommunications.  Armour Mobile was deployed into the client’s environment and, upon seeing the benefits, QuoStar adopted the Armour solution to safeguard their own sensitive communications.

Business Drivers

QuoStar’s client required a high assurance communications platform for secure conference calls, messaging and document sharing across teams in multiple international locations. The client was keen to protect communications that were at risk of interception. To mitigate risk, documents were dispatched via personal courier services ensuring all documents were hand-held until reaching the final destination. This method was hugely costly, both financially and in terms of resources, with documents travelling by hand from country to country and across continents. A new solution was required that could:

  • Provide secure conferencing for numerous participants
  • Secure intra-company and company to company communications
  • Ensure calls and associated metadata are kept private
  • Protect data sent in messages, text or as attachments

 

The Solution

It was important for a new solution to be cost-effective, easy to use and incorporate advanced security techniques to ensure communications could not be intercepted or compromised. After assessing several solutions Armour Mobile was selected for its wide range of features and ease of deployment.

Armour Mobile hosted on Armour’s secure cloud was deployed providing a trusted platform for communications to be set up, enterprise-wide, within hours, followed by an Armour Mobile On-Premises solution enabling complete control of all meta-data. The Armour solution has enabled the client to benefit from economies of scale, savings associated with using VoIP technology, all in a secure environment. 

Secure collaboration

Conference calls and group messaging is an important part of how teams communicate within the organisation. Using Armour Mobile allows multiple users to collaborate securely utilising the same communications platform. New team members can be provisioned quickly, with no additional hardware required. The Armour Mobile app is downloaded from the app store onto employees’ existing handsets and IT provisions the user in minutes, providing the employee with a safe and secure channel of communication.

One of the major benefits of Armour Mobile is its ease of use for the end-user.  With all the functionality and user experience associated with consumer-grade apps, there is no need to for training as the app is intuitive to use.

“Armour Mobile delivers the secure communications, information management and ease of deployment that the client wanted. The additional in-app security, closed group communications and encryption of data in motion provides the flexible and highly secure communications platform that the client required.”

Business Benefits

  • Secure communications – calls are protected from the risk of eavesdropping and documents from interception by outside agencies. Armour Mobile encrypts data in-transit and at rest, rendering it unreadable, and therefore protected. Sensitive corporate information sent via message or text is protected in line with EU General Data Protection Regulation (GDPR).
  • Substantial cost saving – deploying Armour Mobile has eliminated the need for couriers to hand deliver documents across the globe saving thousands of pounds within the first month of deployment and providing an instant Return on Investment.
  • Improved efficiency and productivity – the ability to securely transmit documents has resulted in greater productivity and efficiency. No longer hindered by the time delays of documents being delivered by hand, colleagues can quickly share information without delay.
  • Improved data security, governance and auditability – providing assured safe and secure communications across international operations has improved information assurance and data management processes. The client is able to assure its stakeholders that intra-firm communications are secure, encrypted and private. 

 

Appreciation drove adoption within QuoStar

“Seeing the real-world benefits of Armour Mobile in operation at the client’s premises prompted a review of our own secure communications. The ease of use and functionality across the whole communications spectrum drove the decision to adopt Armour Mobile for use amongst QuoStar’s executive management team. This is a testament to just how good Armour Mobile is.”

Posted on

Media file jacking vulnerability found in WhatsApp and Telegram

File Jacking

Time lapse can be exploited to manipulate sensitive files for malicious intent

WhatsApp is back in the news following the release of new research by Symantec that reveals a vulnerability, termed ‘media file jacking’, that can affect WhatsApp and Telegram for Android. The security flaw allows malicious attackers to manipulate and modify media files such as commercial documents, photos and recordings in WhatsApp and Telegram based on the users’ settings.

The challenge of default settings

Android apps can store files and data in two storage locations: ‘internal’ and ‘external’ storage. Files saved to internal storage are accessible only by the app itself, meaning other apps cannot access them. Files saved to external storage – whether this is a generally-accessible folder on the device, or a public (e.g. cloud) folder –   can be modified by other apps or users beyond the app’s control. WhatsApp and Telegram may store media files in external storage (depending on user settings); this means that, devoid of any proper security measures in place, other apps with write-to-external storage permission can maliciously access and alter files. Effectively these apps place their root of trust in the storage medium rather than controlling the root of trust themselves.

End-to-end encryption is one part of the story

There is a common perception that instant messaging apps are immune from privacy risks and manipulation of attachments due to security features such as end-to-end encryption. Whilst end-to-end encryption is an effective mechanism it doesn’t stop the altering of files on external storage before or after the content is encrypted in transit. A user may innocently download an app unaware that it contains malware capable of manipulating files stored in external storage. An app that appears to be legitimate but is in fact malicious can intercept files, such as a PDF invoice file received via WhatsApp, then programmatically swap the displayed bank account information in the invoice with that of a malicious actor. Equally feasible (as described by Symantec) could be substitution of an altered audio recording giving fraudulent instructions, manipulation of an image or map for deceptive purposes, or even changing a Telegram channel feed to insert ‘fake news’.

Not all applications are created equally

Just as there is no such thing as a free lunch, the saying can be equally applied to applications. Data is a valuable currency and cyber criminals are in the business of quick and easy paydays. With any free app you don’t really know who has access to your information and because it’s free you don’t have any recourse. If you aren’t paying for the product, it means you ARE the product.

Employees should take security seriously but in the absence of a secure and easy to use app, people will naturally seek their own workaround solutions. Armour Mobile is a cost-effective and easy to use solution that works on everyday smartphones. With the same usability as consumer-grade apps, but with significantly enhanced security (secure message attachments are stored in the app’s encrypted database, i.e. controlling the ‘root of trust’ mentioned earlier) it could be the answer to your security needs. Contact us today to discuss a solution.

Posted on

Global phone carriers targeted by espionage campaign

David and Goliath

It’s not often that global telcos could be described as a ‘David’ in a ‘David and Goliath’ analogy, but that is exactly what we are looking at in the latest hacking scandal.

In a story that broke this week in El Reg https://www.theregister.co.uk/2019/06/25/global_telcos_hacked/ and CNBC https://www.cnbc.com/2019/06/25/hackers-hit-telecommunications-firms-cybereason.html, a long running espionage campaign has been waged by (it is alleged) the Chinese government against at least ten cellular telcos around the world.  While a telco might have a security team of 50 people, huge by comparison to most organisations, this is miniscule when compared to the resources of a nation state, hence the David and Goliath reference. The campaign, which has apparently been running for several years, has even involved VPNs being set up within the telcos’ own infrastructure so that the perpetrators could snoop more quickly and easily on their targets.  So the story goes, the campaign was aimed at 20 to 30 high value targets, and the snoopers were able to access hundreds of gigabytes of phone records, text messages, device and user metadata and location data for hundreds of millions of subscribers.

This is another reminder that you can’t necessarily rely on your telco or ISP to protect your data and metadata. This is not because they are particularly negligent or complicit, but simply that flaws in the old technology, that underpins most networks around the world, can be exploited by nation states with almost limitless resources.

If you don’t want to be tracked, if you want to keep your communications private, if you discuss company intellectual property or trade secrets that you don’t want your competitors to learn about, if you are a journalist, aid worker, or special/covert services operating in an unfriendly regime, you need to take steps to ensure that your mobile data is protected.

Watch this space for more on this story in the coming weeks.

Posted on

Royal Signals cyclist continues gruelling training schedule

A couple of months ago I reported that Armour Comms is proudly supporting Army Reservist Mark Howells.  We have now extended our support to include the whole cycling team of the Royal Signals.

Fresh back from training camp, Mark has been filling me in on his training schedule for the rest of the year – a budding team triathlete, this includes swimming as well as cycling.  Over the coming months he certainly has a packed diary, with events and qualifiers every weekend, including qualifiers for the Invictus Games.   As well as a few 100 milers (cycling) Mark will also be taking part in some criterium races (where participants race around a circuit, typically in a town), which tend to be fast and furious with a sprint finish.

We are very much looking forward to seeing Mark and the team in Armour colours, and wish everyone the very best of luck.

Watch this space for further updates.