Posted on

Army Reservists Cyber Protection team pilot Armour Mobile

Army Reserves

A recent initiative to give the Army Reserves more responsibility has led to the forming of a Cyber Protection Team.  One of the first issues that the team addressed, was to find a more secure way to communicate. In other words, a secure replacement for WhatsApp.  Like many organisations, WhatsApp (along with other consumer-grade apps) has become widely adopted across the Armed Services.  It has invaded almost by stealth.  It’s easy to use, everyone has it, and it’s encrypted.  What’s not to like.

However, as we have discussed on many occasions, consumer-grade apps are generally owned by multi-national social media companies, that don’t particularly care about your meta data, and might even sell it to advertisers.

Recognising this vulnerability, the Cyber Protection Team is piloting Armour Mobile.  Currently being used very successfully by a small group that often work remotely, the plan is to encourage the use of Armour Mobile more widely.

Watch this space for further details.

Posted on

Armour supports Royal Signals Cyclist

Working in secure comms, we come across many interesting and varied characters, all with a different background story to tell.  Recently I met Mark Howells, a reservist with the Royal Signals, and formerly a full timer, having seen several tours of active service. Mark has been instrumental in setting up a new cyber protection team within his regiment, and we’ve talked shop on several occasions.

However, what really got my interest was when Mark started to tell me about the proactive steps he was taking to deal with his Post Traumatic Stress Syndrome (PTSD). Depending on which source to you go to, PTSD affects from 5 – 10% of military personnel, and is on the increase.  Although the increase could be because it is now a recognised condition, that is talked about, and so people feel more able to ask for help.  Whichever way you look at it, mental health is something that we all need to be aware of.

Mark told me how he found cycling was a great therapy helping him to manage his symptoms, and so continue an active and healthy lifestyle.  With coaching from the Army, and a strict training regime, Mark has achieved a lot.  Not only that, he has big ambitions.

Mark’s goal is to represent his country at the Invictus Games in 2020.  Meanwhile he is taking part in events every week, and has a packed schedule of races for the coming season.

At Armour we are very proud to support Mark in his endeavours, and will publish occasional posts here, to up date you of his progress.

Posted on

Armour Comms launches Armour Mobile v3.0 at Cyber UK and demonstrates interoperability for encrypted voice to live audience at Secure Chorus’ workshop

Cyber UK Venue

Cyber UK 2019,  24 – 25 April

Scottish Event Campus, Glasgow,

Stand: B9

London, 26 March 2019: Armour Communications, the leading provider of specialist, secure communications solutions, is launching the latest version of its flagship product Armour Mobile at Cyber UK 2019 – the premier annual cyber security event run by the UK’s NCSC (National Cyber Security Centre).  In addition, Armour will be demonstrating full integration of Secure Chorus’ interoperability standards for encrypted voice calls, to a live audience, with Leonardo, BAE Applied Intelligence and a defence organisation. The interactive workshop, hosted by the NCSC and led by Secure Chorus takes place on 24 April at 14.00 and is part of Stream G.

Armour Mobile v3.0 introduces significant new features including biometric authentication (fingerprint and facial recognition), and rapid ‘auto’ provisioning of new users using secure QR codes or encrypted links within emails. There is a host of additional refinements, including sending a secure voicemail or text note when a user is unable to accept a voice or video call; accessibility options such as user-defined text sizes; and MessageBurn has added sophistication – for example, a marker to alert the user if they failed to read a secure message before it has been ‘burned’.

The demonstration of interoperability for encrypted voice calls at the Secure Chorus workshop will show how Armour Mobile can connect multiple groups or communities transparently to end users, maximising the ease with which they can communicate securely across different organisations. This is particularly useful where security requirements preclude these groups from merging their IT networks and, instead, provides a novel solution to allow them to collaborate securely on joint projects.

David Holman, Director at Armour Comms commented; “For enterprise security to be effective it needs to be transparent to the end user. With this in mind, Armour Mobile v3.0 has been developed to include many new features that significantly enhance usability. The new auto-provisioning facility means that Armour Mobile can now be deployed on a large scale, quickly with minimal overhead for IT, security and the end-user.

“Interoperability is a key criteria for a communications app, and we are delighted to be able to demonstrate how Armour Mobile is able to work across user communities, so that even where a different Key Management System (KMS) is in use, the end user only needs to know a colleague’s secure contact number to be able to communicate with them securely.”

Armour Comms’ solutions for secure communications work on everyday smartphones, tablets and Windows 10 desktops. With the same usability as consumer-grade apps, and  with significantly enhanced security, Armour Mobile supports voice calls, video calls, one-to-one and group messaging, voice and video conference calls, file attachments and sent/received/read message status. Message Burn limits the lifespan of sensitive data at rest, where users can set a time at which their messages are automatically deleted (or as the name implies, ‘burn’) on the recipient’s device, for immediate action after being read, or at a given time after sending, according to confidentiality.

Using a FIPS 140-2 validated crypto core, Armour Mobile has been awarded many other certifications including CPA (Commercial Product Assurance) from the NCSC and is included in the NATO Information Assurance catalogue.

Armour Comms partners also exhibiting at Cyber UK include: BAE Systems on stand E22, Amiosec on stand E20, Leonardo on stand E15, Qinetiq on stand B2, Nine23 on stand SBH15 and Templar Executives on stand SBH7.

Posted on

Armour Comms shows latest secure mobile comms apps at Security & Policing

Security & Policing Home Office Event

5 – 7 March 2019

Farnborough International Exhibition and Conference Centre

Stand: F25

London, 5 March 2019: Armour Communications, a leading provider of specialist, secure communications solutions, will be demonstrating the latest versions of Armour Mobile, Armour Blue and Armour Desktop at the Home Office’s Security and Policing event.

Armour Comms’ solutions for secure communications work on everyday smartphones, tablets and Windows 10 desktops. With the same usability as consumer-grade apps, and  with significantly enhanced security, Armour Mobile supports voice calls, video calls, one-to-one and group messaging, voice and video conference calls, file attachments and sent/received/read message status. Message Burn limits the lifespan of sensitive data at rest, where users can set a time at which their messages are automatically deleted (or as the name implies, ‘burn’) on the recipient’s device, for immediate action after being read, or in the future, according to confidentiality.

Armour will be showing a technology preview of the latest version of Armour Blue which  includes Mission Critical Push to Talk (MCPTT) functionality that meets the requirements of public safety mission critical voice communication.

The latest version of Armour Desktop extends the secure mobile communications capabilities of Armour Mobile and Armour Blue via a Windows 10 softphone, and, can bring additional Command and Control capabilities.

In 2018, Armour successfully participated in a week of plug-testing for (MCPTT) protocols organised by the European Telecommunications Standards Institute (ETSI) and The Critical Communications Association (TCCA) in Texas. The protocols are fully integrated into the Armour Blue solution and supports different use cases including emergency and blue light, police and law enforcement, covert ops and others.

David Holman, Director at Armour Comms commented; “At Armour we are committed to developing and delivering highly usable, secure communications solutions that are equally suitable for use by the Enterprise, as well as the more security conscious organisations such as Government departments, Police and Law Enforcement and Special Services.”

Using a FIPS 140-2 validated crypto core, Armour Mobile has been awarded many other certifications including CPA (Commercial Product Assurance) from the National Cyber Security Centre (NCSC) and is included in the NATO Information Assurance catalogue.

Posted on

Armour Mobile now available on Nine23’s secure enterprise platform

Nine23

Partnership with Nine23 provides users with easy to use, secure transparent communications and messaging while protecting enterprise data

London, 26 February 2019: Armour Communications, a leading provider of specialist, secure communications solutions, has announced that its solutions, Armour Mobile and Armour Desktop are now available on Nine23’s certified enterprise management platform, FLEX.  Armour Comms’ solutions will be offered via Nine23’s FLEX platform, which is accredited to handle information up to OFFICIAL-SENSITIVE, enabling enterprise users to securely use mobile, tablet, and laptop devices from any operating system including iOS, Android and Windows10.

Stuart McKean CEO of Nine23 said; “At Nine23 we work with Enterprise clients that operate in highly regulated environments and regard secure communications as necessary for everyday operations. They often have significant members of staff who need to be able to rely on a robust, secure environment to meet the needs of today’s modern mobile or remote working.

“Our proposition is to make it easy for users to access the technology that they need to do a day’s work. If it isn’t easy then they will go elsewhere, creating a potential security vulnerability. Armour Comms’ solutions offer the strength of security that our clients demand, while still being designed with the end user in mind. Platform FLEX is already accredited to connect to the PSN as a gateway provider and Armour’s technology adds value to our platform offering.” 

With its focus on interoperability Armour Mobile was the first secure communications app to connect to Skype for Business. Nine23’s FLEX platform also meets the entire management and audit requirements for Unified endpoint Management (UEM), App Store, Content Management and secure endpoint hosting.

David Holman, Director at Armour Comms commented; “Nine23 is an established provider of a secure cloud environment that enables enterprise mobility to a high security standard. Armour Comm’s partnership with Nine23 is an ideal way for enterprise end users, inside and external to an organisation, to communicate transparently within a secure and private, hosted environment. Our solutions are intuitive and easy to use and together with Nine23’s enterprise cloud platform provide a secure, robust platform for ultimate control of communications and associated meta data.”

Posted on

A third of organisations use consumer-grade apps for business communications

Survey Results

Armour Comms Survey highlights alarming lack of awareness around mobile security

London, 29 January 2019: Armour Communications, a leading provider of specialist, secure communications solutions, has published the results from its Mobile Communications Survey. The findings revealed that a third (32%) of organisations use consumer grade apps such as WhatsApp, SMS and Skype for business communications.  Over two thirds (68%) use these apps regularly every day and over a third (36%) use the apps to discuss sensitive and confidential topics.

The Survey also asked respondents to select from a list of different well known technologies, hacks and viruses which could be used to target mobile phones – nearly half (44%) answered incorrectly.

David Holman, Director at Armour Comms commented; “We see stories in the press on a regular basis about data leakage, sensitive customer data that is hacked by criminals, and yet, for most organisations managing how their staff are using their mobile phones remains a challenge. Consumer-grade apps, where the user has little control of what happens to their data, are often downloaded and used within organisations for sharing sensitive information, almost by stealth, because the IT/security department has no visibility of the apps being used.”

While viruses and malware on mobile phones are rare, tools for eavesdropping, such as IMSI catchers are increasingly within the reach of criminals that want to spy on others. Accordingly to the latest research by Ponemon, organisations have a nearly 28% chance of having a data breach in the next two years. In another report, social engineering is involved in over 90% of data breaches, where people are tricked into doing something, like clicking a link or providing data, to someone impersonating someone else.

Another pitfall for the unwary mobile user is WiFi which is often not as secure as people assume. All of these type of attacks are particularly easy to do with mobile phones where standard network encryption can be poor to non-existent, due to outdated infrastructure that is in parts well over 40 years old and probably no longer fit for purpose. This makes interception of mobile calls and messages much easier than it should be, and the user would be totally unaware until it was too late.

“In our experience end-users don’t deliberately put data at risk, they simply want to get on with their work, and extra security can cause an issue. The results from this survey highlight the fact that many organisations are unaware of the pitfalls of using consumer grade-apps for handling sensitive corporate information, whether that is intellectual property and trade secrets, customer information, or details of commercial transactions.”

Posted on

EU diplomatic message data hacked

EU Flag

We read in the New York Times just this week that thousands of the EU’s diplomatic messages have been intercepted over the course of a concerted three year attack.  https://www.nytimes.com/2018/12/18/us/politics/european-diplomats-cables-hacked.html According to Computing the hackers accessed the European network known as COREU or CORTESY.

COREU is a comms network of the European Union for the communication of the Council of the European Union.  It is the European equivalent of the American Secret Internet Protocol Router Network (SIPRNet, also known as Intelink-S).

The original system was set up in the early 70s and was telex based.  It was replaced in the 90s by CORTESY (COREU Terminal Equipment System), so despite using encryption for messages it is still very old technology.

One crumb of comfort is that information marked as CONFIDENTIAL or SECRET was not affected.

However, this does highlight that even what on the face of it may be mundane, day to day communications are of interest and therefore of value to someone – in this case, the suspected perpetrators are the Chinese military.

Protect your Intellectual Property

While your organisation may not be of interest to the Chinese military, there will be someone out there who probably would like to know a bit more about your business.  Competitors that want to target your customers, or access trade secrets (product information, formulae, recipes, etc.), or hackers and criminals looking to steal your identity or the contents of your bank account!

My point is that your information doesn’t need to be what you would naturally think of as confidential or secret.  Everyday messages about clients, products, product recalls, meetings, office gossip can all be valuable for profiling and piecing together information about who you are dealing with, the nature of those dealings, and information about individuals that could be used for commercial leverage or identity theft.

Mobile devices – the new End Point

With our almost universal reliance on computers, industrial espionage has become a lot more about hacking skills.  Hugely valuable information is accessed by workers from their mobiles and with GDPR many organisations are beginning to understand that the new end-point is mobile phones and the consumer grade apps that staff use to communicate.

As we’ve said on numerous occasions, don’t be lulled into a false sense of security by the word ‘encryption’.  Encryption is never the weakest point that hackers will target.  It is usually a weakness in the system; in the case of the EU it was old technology.  Even if you are using relatively new technology in the form of messaging apps, you still need to consider the security of your whole mobile comms system, including where data is held (i.e. is your service provided by a multi-national social media company that needs to monetize its members’ data to make revenue?), exactly who might have access to it, and any weak points within the system.

Here are a few of our recent blogs that explain the pitfalls in more detail:

The dangers of relying on SMS based two factor authentication:

https://www.armourcomms.com/2018/08/16/avoid-sms-based-two-factor-authentication/?cat-slug=10

Chat apps that have spread through corporate networks by stealth are the most hacked type of app, and the most widely banned:

https://www.armourcomms.com/2018/07/31/free-apps-you-might-get-more-than-you-bargained-for/?cat-slug=10

Avoiding shady Wi-Fi hotspots:

https://www.armourcomms.com/2018/07/05/world-cup-fever-or-holiday-wi-fi-nightmare/?cat-slug=10

Staff mobile phones are also covered by GDPR, here’s what you need to do:

https://www.armourcomms.com/2018/05/24/gdpr-is-here-dont-forget-your-mobile-comms-need-securing-too/ 

If you fear that your mobile comms could be vulnerable to eavesdroppers, competitors or criminals, contact us today to discuss a solution.

Posted on

Rogue Users – What would you do?

Security Mobile

Trump and his foreign nation state eavesdroppers

According to a recent article in the New York Times, conversations on the President’s mobile phones are being listened to by the Russians and Chinese.  As we’ve reported on many occasions, listening in to standard mobile phone conversations is fairly straightforward with IMSI-catcher from just $20, and especially with the resources of a nation state.  The article goes on to explain that the Chinese are monitoring who the President talks to and who influences him.  They are learning what arguments tend to win him over and using that intel to avoid a trade war, so the story goes.

How interesting are your users?

All this begs the question, if the Secret Service, CIA and FBI can’t control one rogue user, how can any organisation be sure that their employees toe the line when it comes to security? As ever, Bruce Schneier articulates the problems of security of mobile devices in his blog very well, and makes the point that it’s not just the President and other heads of state that are at risk.  Anyone who is potentially interesting to criminals or commercial competitors could find themselves subject to eavesdroppers, whether a CEO of a quoted company, any number of sales people, company executives, product developers with trade secrets and intellectual property to protect, or government officials involved in a trade negotiation – I imagine all those involved in the current Brexit dealings are under a huge amount of scrutiny!

Good advice – but does anyone listen?

The UK’s National Cyber Security Centre (NCSC) has a plethora of advice and user guidelines.  All of it is written in easy to understand language, specifically for organisations to re-use with their own employees. Its advice for end users is a case in point.

While all of this seems fairly basic stuff, if you live and breathe cyber security as we do, the following are still good ways to avoid the majority of cyber threats:

  • Use strong passwords and don’t reuse them between different accounts
  • Be careful which apps you download
  • Only use secure/known WiFi connections
  • Don’t leave your device lying around
  • Don’t open phishing emails
  • Don’t visit dodgy websites
  • Be extra careful about what networks you use when abroad
  • Only use secure methods of communication when dealing with sensitive information

 

Making security invisible

The inconvenience of not being able to make a call, send a message or text exactly when you want to is just too much for many workers who are under pressure to perform in today’s always on culture.

Security has to be designed into the apps that we use daily and has to be almost invisible to the end user.  And if you are asking them to use a different app or process to the consumer-grade equivalent, it had better offer at least as good a user experience.

Contact us now for more information about how Armour Mobile can provide a highly useable and secure alternative to consumer-grade communication apps.