Hardware is Mandatory for Effective Mobile Security Encryption
New reports emerging that security software and apps are vulnerable to hackers, underscoring need for hardware-based solutions
Philip L. Allchin,
Director of Security Solutions
In the wake of recent news about government spying reports, paranoia has entered the mainstream – translating into a boom in media attention and business for companies like ours providing data and voice security solutions.
With consumers, business and government customers flocking to an array of encryption products to secure their communications, news reports are emerging that key core security components of several secure telephony applications are plagued by important security flaws that expose Android and Apple phones to hackers’ control.
Writing in his blog, Mark Dowd of Azimuth Security said that apps including Silent Circle, which promises users to make untraceable calls over and encrypted network, are scrambling to fix two major flaws with the GNU ZRTPCPP library that could lead to unauthorized hackers detecting privileged data about a phone, and even remotely take over a targeted device.
Even more disturbing is this vulnerability extends to several other software providers and affected products, including an array of software VoIP products that make use of ZRTP’s open source code.
Now, more than ever, it is imperative to ensure the solution you choose protects you from attacks against software applications and smartphone operating systems, not a capability easily found by solutions on Google Play or the App Store.
Software-only solutions simply can’t provide this level of protection. Bottom line: when it comes to safeguarding your data and voice privacy, hardware is the only solution.
While voice encryption is available via a software solution, only the combination of hardware- and software-based encryption delivers the most secure connection. In fact, the National Institutes of Standards and Technology recommends that all federal users implement hardware-based security.
To learn more about how to protect encryption keys and algorithms from attacks against software applications and smartphone operating systems, please check out KoolSpan’s hardware-based TrustChip