Category: Defence

We will be showing the latest version of Armour Mobile at Cyber UK (24-25 April 2019), and one of our most exciting upgrades is the provision of the ability to use biometrics as an extra layer of authentication.

We haven’t just jumped on a bandwagon here, biometrics is an important development for security.  While our products use identity-based cryptography and are designed to enable secure, cross-platform communications by identifying and authenticating the end points, this doesn’t necessarily identify who is actually using the device.  (More about identity-based encryption (IBE) and its benefits in our previous blog post here: https://www.armourcomms.com/2018/02/27/are-you-talking-to-me/?cat-slug=10)

When biometric authentication is added to Armour Mobile, it also confirms that it is the right person using the phone.  Armour Mobile integrates with the biometric authentication algorithms on the latest smartphones (iOS and Android) and uses them to open the Armour Mobile app. The user simply logs in to our app using their fingerprint or face ID, which is authenticated by the device and – through its link into the mobile’s built-in, secure key store – can then unlock our app (when closed, our app’s data-at-rest is kept encrypted).

The biometric component makes it simpler to login without needing to retype a password every time. This convenience removes another of the (perceived) ease-of-use barriers to using a secure, enterprise app that has been designed for purpose, rather than a consumer-grade app.

We will be demoing exactly how it works on our stand B9 at Cyber UK, at the Scottish Event Campus,  Glasgow,  24 – 25 April.

In addition, we will be demonstrating full integration with Secure Chorus’ interoperability standards for encrypted voice calls, to a live audience, with Leonardo, BAE Applied Intelligence and a defence organisation. The interactive workshop, hosted by the NCSC and led by Secure Chorus takes place on 24 April at 14.00 and is part of Stream G.

Several of our partners are also exhibiting, including BAE Systems on stand E22, Amiosec on stand E20, Leonardo on stand E15, Qinetiq on stand B2, Nine23 on stand SBH15 and Templar Executives on stand SBH7.

So all in all, well worth a visit!  For more information and to register visit:  https://www.ncsc.gov.uk/section/cyberuk/overview

A recent initiative to give the Army Reserves more responsibility has led to the forming of a Cyber Protection Team.  One of the first issues that the team addressed, was to find a more secure way to communicate. In other words, a secure replacement for WhatsApp.  Like many organisations, WhatsApp (along with other consumer-grade apps) has become widely adopted across the Armed Services.  It has invaded almost by stealth.  It’s easy to use, everyone has it, and it’s encrypted.  What’s not to like.

However, as we have discussed on many occasions, consumer-grade apps are generally owned by multi-national social media companies, that don’t particularly care about your meta data, and might even sell it to advertisers.

Recognising this vulnerability, the Cyber Protection Team is piloting Armour Mobile.  Currently being used very successfully by a small group that often work remotely, the plan is to encourage the use of Armour Mobile more widely.

Watch this space for further details.

Working in secure comms, we come across many interesting and varied characters, all with a different background story to tell.  Recently I met Mark Howells, a reservist with the Royal Signals, and formerly a full timer, having seen several tours of active service. Mark has been instrumental in setting up a new cyber protection team within his regiment, and we’ve talked shop on several occasions.

However, what really got my interest was when Mark started to tell me about the proactive steps he was taking to deal with his Post Traumatic Stress Syndrome (PTSD). Depending on which source to you go to, PTSD affects from 5 – 10% of military personnel, and is on the increase.  Although the increase could be because it is now a recognised condition, that is talked about, and so people feel more able to ask for help.  Whichever way you look at it, mental health is something that we all need to be aware of.

Mark told me how he found cycling was a great therapy helping him to manage his symptoms, and so continue an active and healthy lifestyle.  With coaching from the Army, and a strict training regime, Mark has achieved a lot.  Not only that, he has big ambitions.

Mark’s goal is to represent his country at the Invictus Games in 2020.  Meanwhile he is taking part in events every week, and has a packed schedule of races for the coming season.

At Armour we are very proud to support Mark in his endeavours, and will publish occasional posts here, to up date you of his progress.

We are delighted to have been shortlisted for the SC Awards Europe in the category of Best Mobile Security Solution.  Here SC Magazine’s editor, Tony Morbin announces those that made it to this final round in all categories.

https://www.scmagazineuk.com/celebrate-sc-awards-europe-2019-shortlist-announced-today/article/1579735

Trump and his foreign nation state eavesdroppers

According to a recent article in the New York Times, conversations on the President’s mobile phones are being listened to by the Russians and Chinese.  As we’ve reported on many occasions, listening in to standard mobile phone conversations is fairly straightforward with IMSI-catcher from just $20, and especially with the resources of a nation state.  The article goes on to explain that the Chinese are monitoring who the President talks to and who influences him.  They are learning what arguments tend to win him over and using that intel to avoid a trade war, so the story goes.

How interesting are your users?

All this begs the question, if the Secret Service, CIA and FBI can’t control one rogue user, how can any organisation be sure that their employees toe the line when it comes to security? As ever, Bruce Schneier articulates the problems of security of mobile devices in his blog very well, and makes the point that it’s not just the President and other heads of state that are at risk.  Anyone who is potentially interesting to criminals or commercial competitors could find themselves subject to eavesdroppers, whether a CEO of a quoted company, any number of sales people, company executives, product developers with trade secrets and intellectual property to protect, or government officials involved in a trade negotiation – I imagine all those involved in the current Brexit dealings are under a huge amount of scrutiny!

Good advice – but does anyone listen?

The UK’s National Cyber Security Centre (NCSC) has a plethora of advice and user guidelines.  All of it is written in easy to understand language, specifically for organisations to re-use with their own employees. Its advice for end users is a case in point.

While all of this seems fairly basic stuff, if you live and breathe cyber security as we do, the following are still good ways to avoid the majority of cyber threats:

• Use strong passwords and don’t reuse them between different accounts
• Be careful which apps you download
• Only use secure/known WiFi connections
• Don’t leave your device lying around
• Don’t open phishing emails
• Don’t visit dodgy websites
• Be extra careful about what networks you use when abroad
• Only use secure methods of communication when dealing with sensitive information

Making security invisible

The inconvenience of not being able to make a call, send a message or text exactly when you want to is just too much for many workers who are under pressure to perform in today’s always on culture.

Security has to be designed into the apps that we use daily and has to be almost invisible to the end user.  And if you are asking them to use a different app or process to the consumer-grade equivalent, it had better offer at least as good a user experience.

Contact us now for more information about how Armour Mobile can provide a highly useable and secure alternative to consumer-grade communication apps.