Stored Data is a Double-edged Sword


Cybercrime exploded during the pandemic and continues to rise. Enterprise organizations reporting huge data breaches this year include Apple (18MM users), Microsoft (65K companies in 111 countries), and Twitter (5.4MM account profiles). While American companies are targeted more than most, the problem is global in scope.

“2022 has been littered with thefts of sensitive information. This year, they’ve affected companies and organizations of all shapes, sizes, and sectors.”

You Don’t Have To Be Rich or Famous

Personally Identifiable Information (PII) is considered the top category sought in breaches because customer data typically includes financial records. On the dark web, customer PII, representing 80% of breaches reported in 2020 by IBM & Ponemon, adds up fast when stolen data can be sold by criminals online to fraudsters for US$175 per record.

The ID Theft Center notes in its 2022 Business Impact Report that 57% of US small businesses have had a security or data breach, or both. This proves all businesses are at risk of exposure and economic loss despite headlines highlighting the major violations.

Five of the Worst Recent Cyberattacks

Australia has been hard hit with hacks this year, including the latest cyberattack which targeted the Department of Justice. Two of the biggest breaches jeopardized the privacy of millions of its citizens.

A massive data breach at Australian telecom, Optus, in September may have been the worst incident there ever. The company has close to 10 million subscribers (about 40% of the country’s population).

The hack was either a State-Sponsored attack (SSA) or conducted by a crime organization, penetrating the company’s firewall to find sensitive info. Physical addresses, driver’s licenses and passport numbers were amongst the intel obtained. No ransom was paid despite the hacker’s demand for US $1.5MM. However, the cost for Optus to settle the resulting class action lawsuit could be between $5B and $20B, with payments per individual of between $5,000 and $20,000.

In October, Australia’s largest health insurance provider was hacked. Medibank holds the private records of every client, past and present, affecting 10 million victims. All were visible to the assailants – including those belonging to foreign students.

Reports show, beyond the personal data obtained, “Significant amounts of customers’ health data was compromised as well.” This includes health claims data, Medicare card numbers, and policy numbers. Following these infringements, Australia’s government moved to make companies more accountable. The Attorney-General wants penalties “three times the value of the benefit obtained through misuse of data, or 30 per cent of a company’s adjusted turnover in the relevant period” – whichever is higher, up to the maximum fines of $50MM against repeatedly breached companies.

Medibank’s stock price plummeted 14%, which was the sharpest drop for the company in a single day since it started trading shares. The company is still investigating; however, it believes a criminal organization compromised user credentials. The attackers then started payment negotiations after stealing data. Police warned Medibank not to pay the cyber extortionist. In November, the hackers followed through on a threat to publicly release the stolen data unless the ransom was paid within 24 hours. Millions of health records were posted on the dark web. The cost to remediate the damage caused by the breach is expected to be $150MM.

As for repeat breaches, the Costa Rican Government declared a state of emergency in May after its second cyberattack in as many months by the ransomware gang Conti. In its first assault, Conti demanded $10MM from the Ministry of Finance, which declined to pay. The second attack saw a single threat actor from the Ransomware-as-a-Service (RaaS) organization claiming responsibility.

One report noted, “In the first two days of the attack alone, the Costa Rican Chamber of Foreign Commerce estimated losses of over $125 million.” To try to pressure the newly elected President to pay, the attackers sent an intimidating message saying they would be able to overthrow Costa Rica’s government if the ransom wasn’t paid, raising the amount to $20MM.

The Conti attack prompted the US government to offer rewards of up to $10MM for identifying information on the location of Conti leadership and a further $5MM if the intelligence leads to arrest of any conspirators in a Conti ransomware incident in any country.

“This type of attack is designed to be controlled remotely. Malware operators hack into a network and gain domain and administrator credentials, locking and encrypting the entire hard drive.” Conti leaked more than 670 gigabytes of data on May 20th from Costa Rican government servers.

An American student loan servicing company, Nelnet, is facing a class action over a data breach affecting the Oklahoma Student Loan Authority and Edfinancial. “Nelnet failed to uphold its data security obligations to Plaintiff and Class Members,” the suit alleges. “As a result, Plaintiff and Class Members are significantly harmed and will be at a high risk of identity theft and fraud for many years to come.”

The names, addresses, email addresses, phone numbers, and Social Security numbers of those impacted were exposed. Further information on how the breach happened was not shared by Nelnet.

More than 2.5 million borrowers had their private information stolen when an unauthorized actor gained access to the company’s network from June 1st through to July 22nd. It wasn’t identified until August 17th. The breach could result in those affected being targeted by bad actors for subsequent attacks such as impersonation, social engineering, phishing, and various scamming schemes from the PII being sold on the deep web.

One of the largest verified breaches to date this year targeted the fantasy digital pet company, Neopets. According to the rogue hacker, interviewed by BleepingComputer, the account data of over 69 million members had been stolen, but the hacker did not reveal how they gained access. The database contained source code for the neopets.com website owned by Jumpstart, a subsidiary of China-based NetDragon. Instead of extorting the company, interested buyers were being courted in online forums.

It’s surprising the attacker didn’t demand ransom, considering NetDragon group currently holds over US$40MM worth of cryptocurrencies. (Perhaps this attack aimed to raise the hackers’ status?) Instead, the source code and database for the popular website is up for sale on an online forum. The hacker is only asking four bitcoins, valued at US $90,500. Last November, NetDragon sold ~4,200 non-fungible tokens over four days. The NFTs are known as the Neopets Metaverse Collection.

How Criminals Obtain Private Data

Most data breaches are due to cyberattacks, with phishing and ransomware continuing to be the root causes again this year. Security Magazine found the largest attack vector was “unknown” in Q1 2022, which was a 40% increase in the total number of unknown breaches for all of 2021. “While data breach notice updates may include more attack information, the increasing lack of transparency in the notices is a risk to organizations and consumers.”

Hacking was the primary cause of data breaches in companies with 500 or fewer employees. However, remote workers were responsible in 35% of reported incidents and third-party vendors in another 29% of cases. More than half of the companies thought their accounts were compromised by responding to a direct message and 45% say a phishing link or shared account credentials with an impersonator was to blame. One-third said the malicious actor claimed to be a customer, prospect, or vendor.

About half of the impacted companies spent between a quarter and a half million dollars to cover the cost of these breaches and almost 20% spent from $500k to $1MM USD. Coming back from a breach can take one to two years for most companies. In addition to the financial burden, a third of those surveyed experienced loss of customer trust.

Perception vs Reality

Questions are being raised as to whom or what is to blame for the proliferation of major data center breaches around the world. With governments, service providers, retailers, insurers, and health care agencies amongst some of the biggest hacks this year—cybersecurity experts point to apathy.

Fittingly, the responsibility lies with CEOs, CISOs, boards, and corporate policy. There is a focus in business today that prioritizes data intelligence over data security.

According to Harvard Business Review, most companies either don’t have any cyber insurance or not enough. Furthermore, with the increase in ransomware attacks and payouts, the industry itself is at risk. Ransomware attacks have skyrocketed, and payouts have grown exponentially. This is a worrisome trend for insurers.

For example, “With around 250 companies buying at least $200 million in protection, it would only take five insured losses of a bit more than that amount to wipe out an entire year’s premium. That’s only 2% of the companies in the market buying that much coverage. That kind of loss would likely take decades for insurers to earn back such losses.”

Clearly, the focus needs to be on prevention instead of damage recovery.

A Better Way To Block Attacks

Considering the main gateway to ransomware attacks and breaches is phishing, you have to look at your mobile device management. BYOD policies put businesses at risk. You need to mitigate the element of human error. Perhaps the most important practice you can instill in your workforce is password hygiene. But even the best cybersecurity training can’t stop employees from inadvertently making a mistake. Unless you remove unnecessary apps, internet browsing, and other activities not essential to business communications, you will never be truly protected. Don’t settle for a free app that is only focused on privacy and not on network security. Ensure your teams’ messages and calls are secured by a service provider that uses end-to-end encryption and doesn’t store any of your PII in its data center.

Real-World Views on Cybersecurity and The Cost of Cybercrime to Business

Myntex Partners’ Top Cybersecurity Threats based on August 2022 Survey Results

Each autumn, with the back-to-business mindset following summer holidays, organizations reflect on their sensitive data during Cybersecurity Awareness Month, observed in October. Businesses spend billions of dollars annually on cybersecurity. Statista forecasts the global Information Security market will approach $175B by 2024. Products and services supporting this market are expected to hit $1.1725 trillion USD in 2022.

We asked a selection of our business partners—BlackBerry, JT IoT, and SLNT—for their perspective on the current threat landscape and what they’re doing to mitigate risks.

Every enterprise knows the importance of investing in InfoSec. Increasingly, CEOs are adding a box to their org chart filled by a Chief Information Security Officer. Nonetheless, CISOs face pushback from their peers in the C-Suite. The CFO says cybersecurity is too expensive. The COO thinks all the controls slow productivity. The CIO advocates for IT outsourcing. Meanwhile, the CMO wants marketing to have access to custom data.

Mobile Device Management is a critical element of any robust IS strategy, which is essential to keep your network safe from harm. Specializing in encrypted mobile solutions, security and privacy is our core business at Myntex. We are focused on the very essence of cybersecurity, which is verifying the identity of others, while continuously proving our encryption is authenticated to defend against malicious interference and data breaches.

The Most Common and Costliest Cyberattacks on Business

Ransomware has been the dominant cybersecurity news story this past year, affecting not only enterprise organizations but increasingly targeting small-to-medium business.

As an industry leader in cybersecurity, BlackBerry notes, “The current infrastructure of the underground cyber economy continues to evolve quickly with threat groups sharing hacking techniques, malware code, tech infrastructure, target lists, and even exporting stages of the process to hackers with specializations, allowing for attackers to operate faster and at scale. In fact, some of the biggest incidents of 2021 appear to have been the result of this outsourcing. On top of that, cybercriminals can often circumvent being shut down by authorities by breaking up and reorganizing as new cybercriminals groups.”

The company confirmed it believes the best defense is to adopt a prevention-first approach to cybersecurity. “BlackBerry customers benefit with artificial intelligence (AI) and machine learning (ML) driven cybersecurity products, which have been independently proven to prevent malware from executing on endpoints including the latest ransomware strains.”

Gateway Attacks and Vulnerabilities

As indicated in the Statista charts below, phishing was the most common cause of ransomware attacks reported by managed service providers.

Source: Statista, Phishing gateway to Ransomware.

According to Datto’s Global State of the Channel Ransomware Report, “Carelessness and gullibility are the greatest threat to small businesses. With phishing mails, poor user practices and lack of cybersecurity training on top of the list of leading causes of ransomware attacks, it becomes clear that end user education is an essential part of IT security.”

These cybersecurity threats resonate with our industry partners. Employee driven threats appeared across the companies we surveyed as a top concern.

SLNT® CEO, Aaron Zar, ensures all employees and contractors are trained on cybersecurity best practices, which the company regularly updates to keep staff and systems safe.

“Just like technology, cybersecurity is always changing and evolving,” notes company spokesperson Avie Zar. “Our Cybersecurity mitigation plan is reviewed annually. When reviewing and updating a plan we always cover these key topics.”

By analyzing and identifying potential threats, through internal and external risk assessments. Beyond implementing a plan to protect the business, SLNT keeps looking for vulnerabilities, with monitoring practices aimed at detection.

Key Business Systems Under Attack

Enterprise Management – An Internet Crime Report shows business email and spoofing attacks rose sharply with the pandemic, leading victims to send criminals fraudulent wire transfers. “They do so by compromising an employer or financial director’s email, such as a CEO or CFO, which would then be used to request employees to participate in virtual meeting platforms.”

Operations Management – The latest DBIR notes, “2021 illustrated how one key supply chain breach can lead to wide ranging consequences. Supply chain was responsible for 62% of System Intrusion incidents this year. Unlike a Financially motivated actor, Nation-state threat actors may skip the breach and keep the access.”

Financial Management – Today’s CFO makes critical cybersecurity decisions, especially with the risks associated with ransomware. “There are costs for remediation, cybersecurity software meant to prevent ransomware, and loss of productivity. There’s also a potential cost associated with damage to an organization’s brand and reputation.”

Business Email Compromise Attacks

A recent report in ZDNET noted, “While ransomware gets global attention when it takes down vital services and cyber criminals get away with multi-million dollar ransom payments, there’s another big cybersecurity issue that’s costing the world more money, but remains an embarrassing secret for many, even though, according to the FBI, it’s cost victims over $43 billion dollars to date.”

Business email compromise (BEC) scams may lack the drama of hacking attacks but it’s possible to argue that they’ve become the biggest cybersecurity issue facing the world today. 

BECs were the costliest types of cybercrime connected to financial losses in 2021.

“Losses to cybercrime increased significantly in 2021. The losses – which are located mainly in the U.S. but were collected around the world – are estimated at $6.9 billion last year, up from $4.2 billion in 2020.

Other costly cyber crimes with businesses at their center were personal data breaches and corporate data breaches, which occur when criminals steal or release the personal data of individuals or companies previously stored in a secure location.

Out of all victims recorded by the FBI, 59 percent were in the U.S., 38 percent in the UK and 3 percent elsewhere.”

Source: Statista, The Costliest Types of Cyber Crime (per million/USD)

Preventing Attacks On Business Mobile Devices

One of the world’s leading carrier-neutral IoT connectivity platforms, JT IoT is a SIM card provider for our custom encrypted mobile solution, ChatMail™. “Supported by a team of 70+ people and with over 500+ global networks, JT IoT provides customers sustainable, scalable, compliant, and secure access to connectivity.” The company has a Bring Your Own Device to work policy, which it manages through Microsoft Endpoint. Proactive security audits with penetration tests from third-party providers are part of their cybersecurity risk mitigation plan.

Organizations need to be pre-emptive in safeguarding mobile communications with policies to protect all users and hardened devices for key team members who need extra security. Awareness of possible attack vectors is a fundamental first step, especially for small to medium size businesses who are increasingly being targeted.

  • Malware – malicious software that can steal login credentials while bypassing 2FA
  • BYOD programs – a risk to your MDM in part due to the use of apps and social media
  • MitM attacks – mobile applications using unencrypted HTTP
  • Insecure devices – the lack of security and privacy features of a tamper-proof phone

Cybersecurity Awareness is a daily practice and with the right tools you can trust your communications are both private and secure.

Myntex is an industry leader in the field of encryption technology, offering enterprises expertise in mobile security supported with evidence based live data extractions.

The Most Exposed and Targeted Sectors at Risk of Cyber Crime

Data Source: Check Point Average Weekly Cyberattacks (2021) per Organization by Industry

With the cost to manage vulnerabilities in digital security expected to grow from $6.7 billion in 2020 to $15.86 billion by 2030, it makes sense to know the cyber risks your industry faces to proactively prepare.

Human error is the main risk factor for business cyberattacks. When your employees use smartphones for work, they are introducing vulnerabilities. Third-party apps, internet browsing, Bluetooth, GPS, USB connectivity – all of these are vectors for malicious actors to access your sensitive and valuable data. Imagine how much more secure these sectors would be if they used encrypted, hardened phones. Never mind the cost to your bottom line or reputation.

According to Check Point Research, 2021 saw a 40% increase worldwide in cyberattacks with about one in 60 organizations impacted weekly by ransomware.

“The researchers define a cyberattack attempt as a single isolated cyber occurrence that could be at any point in the attack chain — scanning/exploiting vulnerabilities, sending phishing emails, malicious website access, malicious file downloads (from Web/email), second-stage downloads, and command-and-control communications.”

Here’s a look at the five industries most targeted by cyberattacks in 2021, inspired by research posted in Forbes by a global thought leader in cybersecurity and emerging technology, Chuck Brooks.

Education/Research

Considering the shift to distance learning during the pandemic, it is not surprising education and research is the top sector being targeted by malicious actors. The Data Group Manager at Check Point, noted, “Students, parents and schools are tempting targets for hackers, mainly because of data – there’s lots of it. From gradebooks to online assignments, hackers have far more access points to sensitive information and data. Data is leverage for hackers and can be used to orchestrate ransomware attacks.”

The top regions for cyberattacks on education/research were the Pacific Rim, with an average of 4,176 a week in Australia and New Zealand, just slightly ahead of the rest of Asia. Europe had 1,861 attacks weekly.

A study of ransomware attacks in 2021 revealed education and retail were equally targeted with a 44% increase, yet as a sector education had three times as many cyberattacks. Schools, tied with places of worship, received the most brand-impersonation credential phishing attacks.

Government/Military

This was the second highest sector to be attacked in 2021. Government agencies are high-value targets for the information they hold with a vast amount of confidential data, which hackers exploit – often through state-sponsored attacks.

At the end of 2021, the Log4j vulnerability left countries around the world scrambling to fix the single biggest threat in the last decade and likely the most critical code loophole ever. The Belgian military, as an example, was hit hard and spent five days countering the cyberattack.

The SolarWinds Supply Chain Trojan attack was a global threat, believed to have been a Russian sponsored attack, which affected the US government as well as major corporations. Newsweek reported, “State Department, Department of Homeland Security and some parts of the Pentagon appeared to have been compromised.”

An Iranian Facebook hacking campaign targeting the US military was revealed in 2021, in which social engineering was used to send malware-infected files and phishing schemes were used to get credentials.

Communications

In third place, this sector experienced many devastating cyberattacks. The industry vertical for Technology, Media and Telecommunications made headlines around the world for notable takedowns. The Australian broadcaster Channel Nine was hit by a cyberattack, which left the network unable to air several shows or its Sunday news on March 28, 2021. Coincidentally, the Australian government faced an attack at the same time.

Mobile phone companies were also hard hit. A year ago on August 17th, the T-Mobile cyberattack compromised data of millions of their customers, former customers, and prospective customers. T‑Mobile said, “Fortunately, the breach did not expose any customer financial information, credit card information, debit or other payment information but, like so many breaches before, some SSN, name, address, date of birth and driver’s license/ID information was compromised.”

Internet Service Providers/Management Service Providers

Irish ISPs were the target of a series of “denial of service” strikes in May 2021. There was no indication the DDoS cyberattacks were related to the concurrent Health Service Executive ransomware attack, which caused the country’s IT systems to be shut down nationwide.

The Internet of Things has proven to be a major cybersecurity challenge for ISPs. An estimated 25 billion IoT devices were connected online in 2021. Cybercriminals increased their IoT attacks with both ISPs and Telecoms seeing the impact through hacking and data breaches. This included DDoS attacks, Network congestion, RFID interference, Routing attacks, and Sybil attacks on computer network security.

According to the Sophos State of Ransomware 2021 white paper, IT, technology and telecoms were the industry vertical hardest hit by Ransomware.

Management Service Providers are outsourced IT services. Typically, MSPs handle IT infrastructure, technical support, user access within corporate client systems, and hardware outsourcing.

MSPs also act as third-party server storage, provide Software-as-a-Service, or niche technical expertise. Microsoft Exchange is a cloud-based email service. A mass cyberattack affected millions of Microsoft clients around the globe, wherein threat actors actively exploited four zero-day vulnerabilities in Microsoft’s Exchange Server. It is believed that nine government agencies, as well as over 60,000 private companies in the US alone, were affected by the attack.

Healthcare

The Abnormal Security Email Threat Report noted there is a rise in business email compromise attacks. BECs occur when a scammer accesses the email of the targeted business contact and impersonates them using their identity to target other victims.

When cybersecurity expert Brian Krebs reported on ransomware attacks in the healthcare sector, he asked a source how many healthcare organizations get hit with ransomware on average in one week. His source confided, “It’s more like one a day.”

The Bigger Picture

Overall, the global distribution of cyberattacks was highest in Africa, with an average of 1,615 per organization each week, which is an increase of 15% over 2020. Asia and the Pacific was second with a 20% increase amounting to an average of 1,300 weekly attacks per organization. Coming in third, with an average of 1,115 attacks weekly, at almost a 40% increase, is Latin America.

Business Email Compromise attacks can be sent to anyone, but executives or finance department personnel are prime targets. According to a report on email and phone fraud scams in 2021, despite having employee preventative training, IT departments and cybersecurity support, the companies with the highest probability of being targeted by an attack are those with the most employees. In fact, enterprise organizations have a 95% chance of receiving a BEC attack every week due to the high volume of email received.

“Small businesses under 500 employees were fortunate to experience only an average 12% probability of attack throughout the half, but large organizations comprised of more than 50,000 employees received an attack nearly three weeks out of each month.”

As a cybersecurity expert, Brooks shared risk management strategies in a Homeland Security blog, surmising, “The bottom line is that almost every type of business, large and small, touches aspects of cybersecurity whether it involves law, finance, transportation, retail, communications, entertainment, healthcare, or energy. Cyber threats are ubiquitous, and they can be an existential event for companies and the C-Suite urgently needs to have a plan.”

As world renowned business and technology futurist Bernard Marr stated in his report on the biggest cyber security risks in 2022, “Aside from the potential for breach of privacy, loss of money, and disruption to infrastructure from cyber-attacks, there’s another genuine and pressing problem that’s often overlooked: A loss in the trust in tech and data.”

Myntex has an encrypted mobile solution, ChatMail™, which can securely protect your privacy and reduce your at risk attack vectors for email, messaging, calling, notes and pictures. Enterprise businesses can request a live data extraction proving the soundness of our technology.

Why We Created Proprietary Encryption Protocols and Why It Matters

Encryption conventions permeate every part of the Internet. There are many different protocols, each with its own merits and in some cases vulnerabilities. Despite providing end-to-end encryption, the policies and practices of popular free apps can put your reputation at risk.

  • Facebook wants to use homomorphic encryption to monetize WhatsApp and Messenger user data
  • Telegram actively shares user data with government agencies and censors content
  • Viber has various security and privacy issues

Myntex Inc. engineered our most secure mobile solution, ChatMail, to be the best in the world. We prove our encryption with live data extractions for enterprise organizations and we are the only encrypted phone provider to do so.

ChatMail’s Advanced Message and Parsing protocol, known as CAMP, protects users of our encrypted phones across multiple layers. The reasons behind our decision to incorporate the custom cryptographic algorithms we use is the focus of this exposé.

Parsed Messaging Encryption

Myntex designed ChatMail with privacy in mind, utilizing multiple encryption algorithms. PGP, which stands for Pretty Good Privacy, is the system we use to relay encrypted external email. We were the first to parse PGP. Our parsing algorithm takes encrypted email and displays it in an easy-to-read message bubble to look like a chat message. That’s why we named it ChatMail. It is the only system to automatically identify both internal and external users. Internal users default to elliptic curve encryption and external users default to PGP. ChatMail’s Unified User Interface displays internal email in blue and external email in grey. The algorithm used is shown in each individual message.

Our default system uses the strongest encryption protocol available, safeguarding you and your data. Internal ChatMail clients use high-speed, state-of-the-art Diffie-Hellman Elliptic Curve25519 cryptography, with optional fallback to PGP. External users are PGP by default.

True End-to-End Encryption

Combining the most reliable algorithms in cryptography, our CAMP protocol ensures customer privacy with leading-edge security. The choice to use Elliptic Curve Cryptography for E2E encrypted messaging was for privacy.

Encryption begins on the sending device using ECC 25519, so that even if the recipient is not using the phone to accept the message promptly, it will remain encrypted in a delivery queue and cannot be decrypted or read until downloaded on the receiving end. Your data is never stored in plain text.

We use message encryption by default. Our customers cannot send or receive unencrypted messages. Users’ voice messages, pictures and notes are always encrypted. With ChatMail, your content is encrypted in transit, at rest, and only stored on your device.

Calling Encryption

ChatMail key exchange for encrypted calling works with the Zimmermann Real-time Transport Protocol. With ZRTP, parties verbally confirm matching shared codes to ensure calls are private and have not been intercepted. Secure RTP protects ChatMail encrypted calls from eavesdropping.

Transport Layer Security is used to configure encrypted calling traffic. Our encrypted calling uses ECDHE X25519 (the last “E” stands for “ephemeral” which is suited to mobile devices as it is faster) with TLS 1.2 ciphers. This keeps calls and messages private and secure by removing them from prying eyes on the public internet.

ChatMail features tamper proof hardware and encryption that experts consider to be quantum proof:

  • Hash:  SHA-384 – our Secure Hash Algorithm transforms cryptographic keys with an output of 384 bits, providing unbreakable protection against key length extension attacks
  • Cipher:  AES-256 – the algorithm used to perform encryption or decryption is called a cipher and AES-256, also referred to as Military-grade encryption, is the Advanced Encryption Standard adopted by the U.S. government to protect classified information
  • SAS Rendering:  B256 – SAS stands for Sharing a Secret, and we use it with the PGP word list to convert strings of code into simple phrases used for authenticating encrypted calls, thereby preventing Man-in-the-Middle attacks, while B256 indicates the key size in bits
  • Auth Tag:  HS80 – an Authentication Tag in ZRTP confirms each encrypted audio frame sent over an SRTP channel and HS80 is an 80-bit tag, which is preferred for security purposes
  • Key Agreement:  X25519 – encryption is performed by keys and the key size for ECDHE X25519 is 256 bits, which provides forward secrecy as an extra layer of protection against hackers, so that if one message was ever compromised, it would not affect the security of future messages

The Importance of Server-Side Security

Our data center acts as a delivery system for mobile solutions. We do not store any sent or received messages on our servers. Therefore, we also do not keep a roster. A roster is a list of contacts associated with clients for apps that retain messages on their server. Even if the company says they delete messages after 24-hours, it will leave a roster of contact information. When you delete a message from ChatMail, since there is no server storage there is no record of it.

Companies that delete messages older than 24 hours do not delete message threads, which often contain weeks’ worth of confidential communications. For example, Telegram notes in its policy, “We store messages, photos, videos, and documents from your cloud chats on our servers so that you can access your data from any of your devices anytime without having to rely on third-party backups.”

Myntex removes the need for local server storage with our CAMP protocol. ChatMail is the only encrypted mobile solution supported by a private data center. Encryption protocols are irrelevant if the server has a backdoor or if user data is shared with marketers, governments, or other entities.

Top 10 Data Center Security Must-Haves with CEO Geoff Green

Owning and operating a private, state-of-the-art Data Center sets Myntex Inc. apart from its competition in the custom encrypted phone app industry. Myntex CEO, Geoff Green, gives an overview in this Q&A.

Question # 1

What exactly is the function of the Myntex Data Center?

Geoff:

You can think of our data center as the brains of our infrastructure. Regarding our messaging service, the data center acts as a messaging agent. When communicating with end-to-end encryption, devices need to know how to reach one another. Networking is not magic, but it is cool. You need some sort of tunnel to each device so when you send a message it can reach the intended recipient. By utilising open-source virtualization technology and custom designed hardware our data center has been the primary reason we have been able to cost effectively grow as a company. The alternative would be a less secure approach by renting co-located space and paying large fees in licensing.

Question # 2

How has the Myntex Data Center evolved over the years?

Geoff:

From a virtualization perspective we started out with the original Xen from Xen Project, which has gone through many changes throughout the years as an open-source virtualization technology.

We later transitioned to XenServer when Citrix became the dominating provider of features for the Xen hypervisor, which did require license fees for support contracts. But when a new open-source project called XCP-ng, based on the same hypervisor, came to market, we made the switch. XCP-ng is what we currently use, and we will continue to support its development.

We use XCP-ng for our primary virtualization technology and then on top of that, we use Docker. We run a series of virtual machines on our hardware, which means we can use orchestration software instead of a physical computer to run programs and deploy apps. CDW Canada helped us source the right equipment to fit our needs.

We’re the only encrypted mobile solution provider with our own data center. We chose to invest in one, even though it’s expensive, because it provides better privacy. We planned and developed it ourselves. Some companies just can’t afford the investment or lack the knowledge to run a private data center. You need to hire the right people, which makes it more costly.

Question # 3

What maintenance is required to ensure optimal performance in the Data Center?

Geoff:

Running a datacenter does have to have a maintenance schedule; generators, networking, and hardware all must be tested and monitored to make sure they are performing at their best.

APC by Schneider Electric performs an annual inspection and maintenance. Most of the critical pieces of equipment go through their own diagnostics automatically. You’ll sometimes hear weird beeps coming from the data center, which is when the system is doing self-testing, which is a huge time saver.

The air-conditioning gets looked at every year or two. We have N+1 for all pieces of equipment including the A/C unit. If a main unit were to break, we still have a standby backup unit.

Our primary backup generator is tested monthly and must be load tested every year.

Question # 4

What disaster recovery plans are in place?

Geoff:

We took a pre-emptive approach to disaster planning. We did a complete threat analysis. Are we in a flight path? How close are we to the fuel depot? We’re not on a floodplain.

There are only a few people who have access to the data center. We have offsite backups in an undisclosed location. But the most important piece is backups of our proprietary code, which would allow us to rebuild our entire infrastructure even if the building was destroyed. The nice thing about our Calgary location is it’s not on a fault line, so you don’t have to worry about catastrophic earthquakes.

We learned a lot about flood protection when we went through a major flood in Canmore, which also devastated central Calgary. It’s the reason we opted for diesel-powered backup generators, because when the 2013 flood happened, Emergency Management worried about the water exposing the underground natural gas pipes, so they shut the gas off. Calgary does have one of the most stable power grids in the world, but a generator is a must.

We have a two-stage fire suppression system inside the data center. In stage one a fire alarm sounds, and safety systems are activated. If the second stage is triggered, there’s a different alarm to warn you to get out immediately. Seconds later a dry chemical flame retardant is dispersed. We don’t use halon. We use a non-toxic, Novec fire suppression system. That’s industry standard for most data centers. There’s no water in the pipes inside the data center. There are special smoke strobes in the server room that can detect any kind of laser break, even the smoke from vaping.

80% to 85% of the costs we put into building our world class headquarters went into securing our data center. We have ballistic protection on the windows and armored doors on top of that, for protection as well as 24/7 surveillance and monitoring.

Question # 5

What are the industry standards for Data Center security?

Geoff:

A data center needs N+1 redundancy and you should have safety systems in place, the minimum being two‑stage fire suppression. If a company has server equipment with only one A/C unit and no backup generator … that’s not a real data center. That’s more like a networking closet.

N+1 plus ensures system sustainability in the event of component failure. Components (N) have at least one independent backup (+1). The power modules in ours are N+2 redundancy, so we can lose two power modules before we’re in a critical state. So, that redundancy is vital in a data center. All the switch gears are redundant to the point of N+1, N+4 on some things, depending on where it is and what its purpose is. The best example is that N+1 from a networking perspective means if you have two routers you better have two switches to prevent a single point of failure.

To maintain 100% uptime, we use triple replication for high availability. So, for each server we have three, running on three different servers. They’re all virtualized, but they’re across three different pieces of hardware. Everything is running redundant that way.

Question # 6

What method of protection does Myntex use for DDoS?

Geoff:

We utilize different techniques and technologies for protection but our main provider is Radware, which protects us from large scale DDoS attacks – and they’ve been doing a great job for many years.

Question # 7

Why is a data center location important, and explain why Myntex is in Canada?

Geoff:

I think people just don’t understand the advantages and implications of server location. Canada has a large international economy; we have a stable government and are one of the last remaining countries that care about our privacy and freedom.

The one thing that I personally have heard numerous times is many people in Europe seem to think Canada is the United States. I think that could be a misnomer, where people just don’t quite understand how we are separate sovereign nations.

Question # 8

For Mobile Device Management, Myntex has relied on BlackBerry UEM. How do you ensure it’s secure?

Geoff:

We self-host UEM, so we control it, nobody else does. If there’s a problem, I call BlackBerry to explain the issue. We may do a screen share so they can look, but they have no access to our server at all.

You can also host BlackBerry UEM in their cloud, but then you don’t physically control the server. Therefore, BlackBerry gives organizations the option to self-host.

Question # 9

What’s the difference between the Myntex Data Center and companies using cloud servers?

Geoff:

A cloud could, technically speaking, still be in a single data center. It would be considered a non-resilient cloud, but it is possible to still call it a cloud if it’s using cloud-based computing, like the OpenNebula open-source cloud computing platform developed by NASA, which is awesome.

I believe the big difference between using a cloud provider and hosting our own datacenter is that we own the data center, we control the data, we control the physical access. If you are hosted in a third-party data center, you don’t control anything. They control it and give you access, like they give you a remote login, but that’s all you get.

Question # 10

Bonus Question: Have you been able to clock the speed of your messaging service since you operate your own servers at the Myntex Data Center?

No, we don’t have exact metrics like that. When it comes to messaging, I guarantee they can send in under 200 milliseconds, but you have all the infrastructure that’s tied between it. So, when we say we have the fastest messaging in our industry it comes down to many factors… my phone is running through a network to our servers through another network and received on another device. So, when you send an image, it normally takes about 500 milliseconds, probably even less, to go from my physical phone to you.

(Myntex COO and co-founder, Chantel Duplantie, sends him an image and it instantly pings his phone.)

See that? That’s how fast it is. I have seen many other messaging systems and how long some take to send a picture; you’ll be waiting like … two minutes from the initial press of the send button. And when I say our industry, I’m referring to our niche industry. I still think we might be faster than Signal and WhatsApp, but they also have many more users, which is a major factor when it comes to speed.

To achieve some of the insane speeds we use different types of technology including Erlang, Redis, Elasticsearch and RabbitMQ, which implements one of my favorite protocols, AMQP. They’re all a type of in-memory storage. We use RabbitMQ for our primary messaging between our microservices. It’s instantaneous. Same with Erlang, we use it for the messaging system’s capability.

The speed with which we can send pictures and voice messages just blows our competition away.

Adding a Bitcoin Payment Service Provider Future Proofed our Business

Credit: angelbi88 at envato

In 2016, Myntex Inc. was growing as a business and we wanted to better position the company for the digital economy. However, Myntex® is based in Canada, where the banks have been slow to adopt crypto, and we were getting pushback on accepting it.

The Solution To Our Problem Receiving Crypto

Ultimately, we were able to arrange our payments through BitPay. When we released ChatMail™ in 2017, our Certified Executive Partners appreciated being able to use cryptocurrency. While it is not a cryptocurrency exchange, BitPay is a blockchain/cryptocurrency payment processor that enables you to accept cryptocurrencies as a payment method in exchange for goods or services you sell to your customers.

Working through our financial institution, Myntex can accept digital purchases from our CEPs, who have relied on BitPay for many years. At the start of the pandemic, when stores and banks across Europe were forced to close due to lockdowns, it would have been a challenge to receive transactions from our CEPs without BitPay. We appreciate the lengths to which BitPay went for our certification.

What Services Does BitPay Provide?

BitPay converts payments to Canadian dollars, depositing them straight into our chequing account. Unlike an exchange, BitPay does not store or manage digital assets. With its Payment Protocol, BitPay allows blockchain wallet and cryptocurrency users to make transactions that are fast and efficient. Shoppers receive quick confirmations that the correct amount and required fee were sent.

For privacy-conscious customers like ours, BitPay adds another layer of protection to transactions. BitPay is easy to use. Individuals can use their card to turn crypto into cash, secure and use crypto on the go in their wallet, and spend crypto from their internet browser. Businesses can accept bitcoin on their website for online payments, as well as for billing purposes via email. You can pay out bitcoin to anyone, anywhere. And BitPay accepts crypto for NFTs.

How Safe Is Cryptocurrency?

In a blog post about the security of blockchain, Certified Information Systems Security Professional Magda Chelly, PhD notes, “Cryptocurrencies are built on top of blockchain technology,” adding, “blockchain provides the infrastructure for cryptocurrencies, while also allowing them to function in a decentralized manner.” Chelly continues, “For individuals, blockchain offers greater security and privacy when making online transactions. And for businesses, blockchain can help streamline processes, reduce costs, and speed up transactions.”

The first and most prevalent crypto, Bitcoin, was built on the blockchain. According to Investopedia, more than 10,000 other cryptocurrency systems are running on the same technology today.

Blockchain and cryptocurrency have a distinct yet connected relationship. “Defined as a digital or virtual currency, crypto uses cryptography for security and is not owned by any particular authority, making it difficult for governments to manipulate . . . By moving the means of transaction out of siloed, closed networks, blockchain is helping to solve some of the challenges around the interoperability of disparate financial systems around the world.”

We believe in BitPay’s mission to transform how businesses and people send, receive, and store money around the world.

The Advantages of BlackBerry UEM for Mobile Device Management

Myntex Data Center

BlackBerry® Unified Endpoint Manager unlocks the Android For Work security component built into Android devices. This allows Myntex to deploy our encrypted mobile solutions on authorized off-the-shelf devices around the world. BlackBerry UEM is an important component of our organization as it works with a wide variety of models for use with ChatMail™.

We can attest to the fact, “With its single management console and trusted end-to-end security, BlackBerry UEM provides flexibility and security to keep your employees connected and protected so they can work from practically any device, anywhere.”  

Our History With BlackBerry

We were inspired by the security and privacy afforded by BlackBerry Messenger and all the capabilities of the BlackBerry phones. As a company, Myntex began offering PGP encryption on BlackBerry phones as a white label solution in 2011.

BlackBerry phones introduced Secure Wipe and Remote data wipe, two of the features that businesses appreciate to secure their data in situations such as when an employee loses their phone or is terminated.

The Many Ways of Using UEM

As stated on their website, “You can install BlackBerry UEM in an on-premises environment for the utmost control over your servers, data, and devices. This prevents any third party from having access to the secure configuration. An alternate method is to use BlackBerry UEM Cloud, which offers an easy-to-use, low-cost, and secure solution. BlackBerry hosts BlackBerry UEM Cloud over the Internet. You only need a supported web browser to access the service.”

Rather than using BlackBerry UEM’s virtual machine on their cloud, Myntex runs a self-hosted instance in our own private data center. This allows us to maintain granular control over our infrastructure, eliminating the risk of unauthorized access and intrusion.

How Myntex Adopted BlackBerry UEM

In 2005, BlackBerry released BBM Enterprise through the Google Play Store and then on the Apple Store. The BlackBerry Wikipedia page refers to BBMe as “An IP-based enterprise instant messaging platform that provides end-to-end encryption for voice, video, and text-based communication.” Afterwards, a Software Development Kit was issued for BBMe, which gave Myntex the impetus to create ChatMail.

BlackBerry Enterprise Server was introduced in 1999 and by 2008, as technology changed, BES became vulnerable to several issues that eroded its security. The company acquired a solid MDM solution from Good Technology and merged it with BES, rebranding the combined service as BlackBerry UEM.

BBMe let developers add the brand’s trustworthy capabilities into their own applications, including secure messaging, voice, video, and file sharing. BBMe was developed, first and foremost, as a business tool, and (was) a lot more streamlined by design . . . Because it was built for use in high-security industries, BBMe (offered) stronger encryption than BBM. BlackBerry retired BBM in 2019.

UEM has many different configuration options. You can choose to integrate with Microsoft-based products like Active Directory and Microsoft Exchange, but you can also use it as a standalone secure AFW management tool, without having to introduce additional third-party software. We do not use Microsoft Exchange or Active Directory because they introduce further vulnerabilities. We only use UEM for securing and locking down the phone. BlackBerry UEM provisions the phone and secures the device using the built-in security policies provided by Android For Work.

What Does BlackBerry Have Access To?

The ingenious design of UEM, in conjunction with AFW, allows us to privately manage our own secure, private version of the Google Play Store. This organizational play store is only available on our custom devices and can only be managed by our company. This is very different from what is available on standard smartphones. Our organizational play store is controlled exclusively by Myntex. All applications are signed internally with our cryptographic keys, further guarding against malicious code attacks. This allows secure distribution of our custom applications to UEM secured devices.

BlackBerry UEM has no access to our ecosystem at all. This means UEM doesn’t have access to any of our infrastructure, nor do they have access to the application data on our secure devices. Furthermore, UEM doesn’t track your location. If the GPS was ever accessed maliciously, mock location data is sent – further ensuring your privacy.

A Global Industry Leader

Today, BlackBerry UEM ranks alongside the market front-runners including Microsoft Endpoint Manager, VMware Workspace One, Citrix Endpoint Management, IBM MaaS360, and Ivanti UEM.

The best UEM software will be a matter of choice for each enterprise depending on the needs within the Internet of Things they want to securely enable. “Using BlackBerry UEM, enterprise workers can work from almost any device, anywhere, using a single management dashboard and end-to-end security.”

Key BlackBerry UEM Differentiators:

  • provides behavioral risk scores to users based on applications usage, with users who use applications consistently being deemed low risk
  • offers multi-factor authentication for a secure and easy connection to a VPN on a device
  • manages mobile devices from a single management interface, reducing risks and ensuring regulatory compliance
  • ownership models include bring your own device; company owned, personally enabled; and company owned, business only
  • supports wearables such as smart glasses

For our purposes, Myntex trusts UEM to seamlessly provide Mobile Device Management to support our need to control mobile device functionality, including device enrollment, and device lockdown.

Ransomware-like Attack in Ukraine – HermeticWiper

We’ve become accustomed to hearing news about cyber warfare. From hacks to ransomware and misinformation—bad actors have made worldwide headlines with their malicious attacks.

There are measures you can take to protect yourself, like using industry-leading cell phone encryption to stay a step ahead of threats. By the time you realize you have been targeted by hackers it is too late.

Just days before Russia’s invasion of Ukraine a malware menace, known as HermeticWiper, struck Ukrainian entities as well as related targets in Latvia and Lithuania. Examining this data wiping malware reinforces the need for ensuring every exposed vector has the best digital security. Let’s take a closer look at HermeticWiper to see how destructive it is.

HermeticWiper and HermeticRansom

On February 24, 2022, after a series of distributed denial of service attacks against Ukraine, designed to knock websites offline—overwhelming them with requests until they crash—a Slovakian security firm was first to report it found the wiper on hundreds of machines in Ukraine. Another 50 banking systems with government contracts were reported by Symantec to have been hit in Ukraine.

The malware was given the name “HermeticWiper” because of a digital certificate stolen from a company called Hermetica Digital Ltd. The first variant of this malware surfaced in November 2021.

Lawrence Abrams of Bleeping Computer says, “A data wiper is malware that intentionally destroys data on a device to make the data unrecoverable and for the operating system to no longer work correctly.”

HermeticRansom, also known as PartyTicket, was written in the open-source Go programming language. It struck on the same day as the highly effective HermeticWiper. HermeticRansom had a decidedly unsophisticated style and poor implementation. There was no obfuscation or intent to misdirect, and the functioning was straightforward, suggesting it was created quickly and leading experts to suspect it was a distraction to help HermeticWiper do more damage.

Mobile solutions like ChatMail™ have military-grade strength encryption, proprietary server storage, and secondary security features that prevent malware such as this type of wiper attack. ChatMail’s technology doesn’t allow the third-party apps that perpetrate this type of attack. Additionally, it is worth mentioning these targeted attacks were directed at the Ukrainian government and not the public.

Who Was Responsible?

Like ransomware, a wiper requires the compromise of identities and the abuse of privileged credentials. 

Given the nature of the ongoing war in Ukraine and the cyber conflict, future attacks could easily expand in scope. Russian oligarchs are frantically moving their money in the wake of international sanctions, while government officials and journalists operate in a climate of intense eavesdropping and information control.

Other similar cyberattacks, notably WhisperGate (which sent a fake ransomware note before rendering the Master Boot Record useless once the computer is shut down), prompted warnings from several US government agencies. Regardless of who is to blame, these wiper attacks are designed to prevent targets from using their devices to access data, and they reinforce the need for heightened vigilance.

Whoever was responsible, there’s nothing to suggest that the next cyber-victim will be confined to a military opponent in the war itself. The code’s simplicity, along with the spelling and grammar errors, suggests it was slapped together.

Plausible Deniability

The nature of cyberattacks makes it difficult to peg down precisely who was responsible, as attackers can always invoke plausible deniability. For example, hackers can partially take over your home computer and use it, without your knowledge or approval, to launch cyberattacks.

One researcher told BBC News, “Ukraine’s military and banking websites have seen a more rapid recovery, likely due to preparedness and increased capacity to implement mitigations.”

Governments and enterprises need to protect every aspect of their business with digital security designed from the ground up. Myntex provides you with complete mobile device security.

We designed and built ChatMail from the ground up, including our custom encryption protocol. For your protection, anything unencrypted isn’t displayed. Our parsing algorithm takes emails sent with external PGP encryption and displays them in an easy-to-read bubble that looks like a chat message. Confidential communications remain private as no threads remain on our servers. We do not have roster, group, or message storage. You can access and delete your confidential information while being offline.

Myntex Partners with SLNT® to enhance its privacy offerings

Image by Myntex Inc.

As fervent advocates of privacy, Myntex extends its affiliation with like-minded companies to further enhance our customers’ privacy experience. That’s why we’ve partnered with SLNT®, a privacy alternative offering protection to an array of important non-encrypted devices.

Our flagship product, ChatMail™, prevents anyone from eavesdropping through multiple encryption layers and security protocols. For many of our clients, the increasing risks of cybersecurity threats have led executives to realize the benefits of implementing security policies and adopting the use of secure phones with end-to-end encryption. ChatMail is the right solution for this purpose. For all the other mobile devices you carry that are not encrypted, SLNT offers our clients the privacy they need. The SLNT line of products (wallets, key cases, tech sleeves and travel bags) is designed with patented Silent Pocket® Faraday technology. Simply slip your device into one of these sleek bags and it virtually goes dark, unseen by prying eyes.

Myntex wants to protect you on all fronts. The benefit SLNT gives you is the peace of mind that your personal information is undetectable to eavesdroppers or criminals. Passports, credit cards, and mobile devices cannot be accessed to tap your data when secured within.

We appreciate the design SLNT infused with their tech, providing an understated look and refined feel. ChatMail uses a simple yet elegant interface; styling matters to us as well as anonymity. We configure our phones to ensure your conversations and content are secure. Whether your communications are in transit, or your data is at rest—our customized, tamper-proof phones and proprietary CAMP encryption protocol protects your device from being tracked, cracked, or monitored.

ChatMail prohibits you from online browsing or installing third-party apps, which make other phones vulnerable to cyber-attacks or spying, because ChatMail devices are uniquely engineered for security. Designed for privacy, ChatMail phones cannot let hackers turn on your camera or listen to your conversation by hijacking the microphone on your device.

You can add an extra layer of protection to any unsecure mobile phones, smart watches, key fobs, or portables you carry with you. The technology used by SLNT is new, but the science behind it comes from the 19th century experiments of Michael Faraday with electromagnetics.

This physics research became known as the Faraday law of induction (Faraday’s law). Faraday used it to build a large box lined with wire mesh to experiment with his discovery. He zapped the outside of the cage with electricity, while he stood inside with an electroscope. No electricity was detected within the wire structure. The enclosure was named after the inventor.

The Faraday cage is still used today in places like hospitals, such as MRIs, or in your kitchen to keep you safe when using your microwave oven. “It works on the principle that when an electromagnetic field hits something that can conduct electricity, the charges remain on the exterior of the conductor rather than traveling inside.” This is how SLNT protects your devices from electromagnetic radiation with its patented technology, which blocks 100% of all signals.

In addition to being solar and weather-proof, SLNT protects the contents of its containers so nothing on the outside can access what’s inside. This includes your Bluetooth, camera, cellular, GPS, navigation or satellite devices, and Wi-Fi. It also blocks RFID, used in ID badges, key fobs, smartphone chips, even library books. Not only does this protect your privacy and keep your data secure, but it also shields you from the unhealthy effects of EMF radiation.

Trust the tech gear used by business leaders, governments, military, and travelers alike—consider SLNT when you’re looking for accessories to keep you and your information safe on the go.

The Spyware that Flies Under the Radar

Credit: Antoni Shkraba via Pexels

While government spying grabs headlines, apps that secretly eavesdrop on and track victims are an ongoing issue. What’s more, these apps are poorly made and managed, leaving targets’ data exposed.

The Vulnerability Common Across Several Stalkerware Apps

Stalkerware, also known as spyware, is a type of app marketed for consumers who want to secretly track someone online, often a spouse or child. It needs to be physically installed on the target device to monitor the behaviour of the user who is being spied on. A victims and survivors support group was launched in 2019 and stalkerware was banned from the Google Play Store in 2019, with mixed results.

TechCrunch found some 400,000 users’ private data was exposed through the flaw when it conducted a worldwide investigation spanning several months. A security flaw in several spyware apps exposed highly sensitive user data, including browsing history, photos, location data, text messages, records of phone calls and call recordings.

An application programming interface vulnerability can exist when there are few or no safety protocols in place. The issue is explained by Carnegie Mellon University: “The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.”

An IDOR flaw can leave users’ personal data open to exploitation on the developer’s data center. While IDORs are easy to fix at the server level, the spyware apps in question are poorly managed and badly built. Not only do they share the same code and web dashboards, but they are also routed through the same infrastructure.
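What "easy to fix at the server level" means in practice, as an added example that is not taken from the affected apps or from TechCrunch's findings: a record lookup that trusts the client-supplied id, beside a version that authenticates the caller and checks ownership. The `Backend` class, its method names, the tokens and all records are constructed for the illustration.

```python
"""IDOR in a device-data API: vulnerable lookup beside the server-side fix.
All accounts, tokens, ids and records are constructed sample data."""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Backend:
    records: dict                       # device_id -> {"owner": str, "data": str}
    sessions: dict                      # session token -> account name
    denied: list = field(default_factory=list)   # (account, device_id) audit trail

    def get_vulnerable(self, token, device_id):
        """No authentication, no authorization: the client-supplied id alone
        selects the record, so any caller can read any device's data."""
        record = self.records.get(device_id)
        return (200, record["data"]) if record else (404, None)

    def get_hardened(self, token, device_id):
        """Authenticate the caller, then authorize against the record's owner."""
        account = self.sessions.get(token) if token else None
        if account is None:
            return (401, None)
        record = self.records.get(device_id)
        if record is None or record["owner"] != account:
            if record is not None:      # real record, wrong owner: worth logging
                self.denied.append((account, device_id))
            return (404, None)          # same answer for "missing" and "not yours"
        return (200, record["data"])

    def suspicious_accounts(self, threshold=3):
        """Accounts that asked for other owners' records at least `threshold` times."""
        counts = Counter(account for account, _ in self.denied)
        return sorted(a for a, n in counts.items() if n >= threshold)


def build_demo() -> Backend:
    return Backend(
        records={
            1001: {"owner": "alice", "data": "alice-call-log"},
            1002: {"owner": "bob", "data": "bob-photos"},
            1003: {"owner": "carol", "data": "carol-locations"},
            1004: {"owner": "bob", "data": "bob-messages"},
        },
        sessions={"tok-alice": "alice", "tok-bob": "bob"},
    )


if __name__ == "__main__":
    api = build_demo()
    print("vulnerable, no token :", api.get_vulnerable(None, 1002))
    print("hardened, no token   :", api.get_hardened(None, 1002))
    print("hardened, own record :", api.get_hardened("tok-alice", 1001))
    for device_id in (1002, 1003, 1004, 9999):
        print("hardened, other id   :", api.get_hardened("tok-alice", device_id))
    print("flagged accounts     :", api.suspicious_accounts())
```

The hardened handler returns the same 404 for a missing record and for someone else's record, so responses do not confirm which ids exist, while the audit trail still lets the operator spot an account probing other owners' data.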

Why Server Storage is a Vulnerability

A server controlled by 1Byte, based in Vietnam, was found to be the common link in the nine related spyware apps. Because the apps share the same server, they also have the same exposure. TechCrunch revealed efforts to resolve the security flaw were ignored by both the web host for the spyware apps and the back-end server operations.

One of the key features about ChatMail encrypted phones is our proprietary approach to data storage. Your messages are stored on your encrypted phone. We never store your sensitive information on our servers. The only data we keep is your username, account activation date, and expiry date.

How To Protect Yourself from Coding Vulnerabilities

The impact of an IDOR is wide reaching. “An unauthenticated remote attacker can access personal information collected from any device with one of the stalkerware variants installed.”

Having an encrypted device designed from the ground up to maximize privacy ensures protection against this type of vulnerability. Myntex products are deliberately incompatible with third-party apps because of the various security risks they introduce.

Most apps ask for an excessive number of permissions, and users often grant this permission without much examination. Third-party apps may sell user data to other affiliates, as outlined above. They may also store information insecurely on servers, which is also what happened here.

Is There Spyware on Your Phone?

TechCrunch couldn’t reveal specific details about the vulnerability because it would further risk compromising people who are currently unaware that their phones have been breached. The spyware is designed to be covert, not appearing anywhere on your home screen.

Change your settings on Google Play to prevent any further data theft, though this won’t address any information already stolen. Also, check your accessibility settings to see if they’ve been tampered with or altered.

Accessibility features rely on wide access to your phone by design. If the accessibility options list a service you don’t recognize downloading, delete it. You may need further research to clarify how to do these processes since spyware is designed to be difficult to identify and remove.

The safest thing you can do is avoid using a phone with these vulnerabilities in the first place. The most secure open communication platforms let you use them without stressing about information breaches or taking the time necessary to become an expert on tracking and removing spyware.

Installing spyware requires the perpetrator to have physical access to their victim’s phone. Anybody is liable to leave their phone unlocked or use a weak password. Myntex phones have a notebook lock screen with a customized PIN.

Everything Needs to Be Encrypted

On the surface, 1Byte looks like a normal software start-up. They have a Facebook group showing people, supposedly employees, sharing team dinners and other activities colleagues typically engage in. They went to elaborate lengths to hide their own identities and the connections between various apps that are all essentially the same spyware.

The many obfuscating layers the spyware creators put in place only reinforce how necessary it is for every aspect of the phone to have military-grade encryption for messages, phone conversations, and even pictures.

Legal Gray Area

Technically, possessing spyware is not illegal, so the government has its hands tied. The US government has taken rare action against people who illegally plant spyware solely for intercepting a person’s communication because they break national wiretapping laws.

However, enforcement powers are severely limited because global spyware operators are out of their jurisdiction. Eliminating these types of risks isn’t as simple as flicking a switch, even if everyone agrees it’s a flagrant privacy violation.

The hackers and data thieves are usually one step ahead of law enforcement and at least two steps ahead of ordinary, unsuspecting people just trying to use their phones. It may seem counterintuitive since everyone agrees that privacy invasion is a type of theft that ought to be illegal, but law enforcement doesn’t have many tools at its disposal.

It’s understandable that most people associate data theft and privacy breaches with the high-profile stories about spyware created by governments and sold to other governments worldwide. Cyber and digital election interference also draw a lot of eyeballs. Many people in diverse fields like journalism, politics, business, and activism need to protect themselves from every privacy threat, even the ones that fly under the radar.