Myntex Partners with SLNT® to enhance its privacy offerings

Image by Myntex Inc.

As fervent advocates of privacy, Myntex extends its affiliation with likeminded companies to further enhance our customer’s privacy experience. That’s why we’ve partnered with SLNT®, a privacy alternative offering protection to an array of important non-encrypted devices. 

Our flagship product – ChatMail™ prevents anyone from eavesdropping through multiple encryption layers and security protocols.  For many of our clients, the increasing risks of cybersecurity threats have led executives to realize the benefits of implementing security policies, adopting the use of secure phones with end-to-end encryption.  ChatMail is the right solution for this purpose. For all the other mobile devices you carry that are not encrypted, SLNT offers our clients the privacy they need. The SLNT line of products (wallets, key cases, tech sleeves and travel bags) are designed with patented Silent Pocket® Faraday technology.  Simply slip your device into one of these sleek bags and they virtually go dark, unseen to prying eyes. 

Myntex wants to protect you on all fronts. The benefit SLNT gives you is the peace of mind that your personal information is undetectable to eavesdroppers or criminals. Passports, credit cards, and mobile devices cannot be accessed to tap your data when secured within.

We appreciate the design SLNT infused with their tech, providing an understated look and refined feel. ChatMail uses a simple yet elegant interface; styling matters to us as well as anonymity. We configure our phones to ensure your conversations and content are secure. Whether your communications are in transit, or your data is at rest—our customized, tamper-proof phones and proprietary CAMP encryption protocol protects your device from being tracked, cracked, or monitored.

ChatMail prohibits you from online browsing or installing third-party apps, which make other phones vulnerable to cyber-attacks or spying, because ChatMail devices are uniquely engineered for security. Designed for privacy, ChatMail phones cannot let hackers turn on your camera or listen to your conversation by hijacking the microphone on your device.

You can add an extra layer of protection to any unsecure mobile phones, smart watches, key fobs, or portables you carry with you. The technology used by SLNT is new, but the science behind comes from the 19th century experiments of Michael Faraday with electromagnetics.

This physics research became known as the Faraday law of induction (Faraday’s law). Faraday used it to build a large box lined with wire mesh to experiment with his discovery. He zapped the outside of the cage with electricity, while he stood inside with an electroscope. No electricity was detected within the wire structure. The enclosure was named after the inventor.

The Faraday cage is still used today in places like hospitals, such as MRIs, or in your kitchen to keep you safe when using your microwave oven. “It works on the principle that when an electromagnetic field hits something that can conduct electricity, the charges remain on the exterior of the conductor rather than traveling inside.” This is how SLNT protects your devices from electromagnetic radiation with its patented technology, which blocks 100% of all signals.

In addition to being solar and weather-proof, SLNT protects the contents of its containers so nothing on the outside can access what’s inside. This includes your Bluetooth, camera, cellular, GPS, navigation or satellite devices, and Wi-Fi. It also blocks RFID, used in ID badges, key fobs, smartphone chips, even library books. Not only does this protect your privacy and keep your data secure, but it also shields you from the unhealthy effects of EMF radiation.

Trust the tech gear used by business leaders, governments, military, and travelers alike—consider SLNT when you’re looking for accessories to keep you and your information safe on the go.

The Spyware that Flies Under the Radar

Credit: Antoni Shkraba via Pexels

While government spying grabs headlines, apps that secretly eavesdrop on and track victims are an ongoing issue. What’s more, these apps are poorly made and managed, leaving targets data exposed.

The Vulnerability Common Across Several Stalkerware Apps

Stalkerware, also known as spyware, is a type of app marketed for consumers who want to secretly track someone online, often a spouse or child. It needs to be physically installed on the target device to monitor the behaviour of the user who is being spied on. A victims and survivors support group was launched in 2019 and stalkerware was banned from the Google Play Store in 2019, with mixed results.

TechCrunch found some 400,000 user’s private data was exposed through the flaw when it conducted a worldwide investigation spanning several months. Highly sensitive user data was exposed through a security flaw in several spyware apps including browsing history, photos, location data, text messages, records of phone calls and call recordings.

An application program interface vulnerability can exist when there are few or no safety protocols in place. The issue is explained by Carnegie Mellon University. “The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.”  

An IDOR flaw can leave user’s personal data open to exploitation on the developer’s data center. While IDORs are easy to fix at the server level, the spyware apps in question are poorly managed and badly built. Not only do they share the same code and web dashboards, but they are also routed through the same infrastructure.

Why Server Storage is a Vulnerability

A server controlled by 1Byte, based in Vietnam, was found to be the common link in the nine related spyware apps. Because the apps share the same server, they also have the same exposure. TechCrunch revealed efforts to resolve the security flaw was ignored by both the web host for the spyware apps and the back-end server operations.

One of the key features about ChatMail encrypted phones is our proprietary approach to data storage. Your messages are stored on your encrypted phone. We never store your sensitive information on our servers. The only data we keep is your username, account activation date, and expiry date.

How To Protect Yourself from Coding Vulnerabilities

The impact of an IDOR is wide reaching. “An unauthenticated remote attacker can access personal information collected from any device with one of the stalkerware variants installed.”

Having an encrypted device designed from the ground up to maximize privacy ensures protection against this type of vulnerability. Myntex products are deliberately incompatible with third-party apps because of the various security risks they introduce.

Most apps ask for an excessive number of permissions, and users often grant this permission without much examination. Third-party apps may sell user data to other affiliates, as outlined above. They may also store information insecurely on servers, which is also what happened here.

Is There Spyware on Your Phone?

TechCrunch couldn’t reveal specific details about the vulnerability because it would further risk compromising people who are currently unaware that their phones have been breached. The spyware is designed to be covert, not appearing anywhere on your home screen.

Change your setting on Google Play to prevent any further data theft, though this won’t address any information already stolen. Also, check your accessibility settings to see if they’ve been tampered with or altered.

Accessibility features rely on wide access to your phone by design. If you don’t recognize downloading a service in the accessibility options, delete it. You may need further research to clarify how to do these processes since spyware is designed to be difficult to identify and remove.

The safest thing you can do is avoid using a phone with these vulnerabilities in the first place. The most secure open communication platforms let you use them without stress about information breaches or take the time necessary to become an expert on tracking and removing spyware.

Installing spyware requires the perpetrator to have physical access to their victim’s phone. Anybody is liable to leave their phone unlocked or use a weak password. Myntex phones have a notebook lock screen with a customized pin.

Everything Needs to Be Encrypted

On the surface, 1Byte looks like a normal software start-up. They have a Facebook group showing people, supposedly employees, sharing team dinners and other activities colleagues typically engage in. They went to elaborate lengths to hide their own identities and the connections between various apps that are all essentially the same spyware.

The many obfuscating layers between the spyware creators put in place only reinforce how necessary it is for every aspect of the phone to have military-grade encryption for messages, phone conversations, and even pictures.

Legal Gray Area

Technically, possessing spyware is not illegal, so the government has its hands tied. The US government has taken rare action against people who illegally plant spyware solely for intercepting a person’s communication because they break national wiretapping laws.

However, enforcement powers are severely limited because global spyware operators are out of their jurisdiction. Eliminating these types of risks isn’t as simple as flicking a switch, even if everyone agrees it’s a flagrant privacy violation.

The hackers and data thieves are usually one step ahead of law enforcement and at least two steps ahead of ordinary, unsuspecting people just trying to use their phones. It may seem counterintuitive since everyone agrees that privacy invasion is a type of theft that ought to be illegal, but law enforcement doesn’t have many tools at their disposal.

It’s understandable that most people associate data theft and privacy breaches with the high-profile stories about spyware created by governments and sold to other governments worldwide. Cyber and digital election interference also draw a lot of eyeballs. Many people in diverse fields like journalism, politics, business, and activists need to protect themselves from every privacy threat, even the ones that fly under the radar.

Russia Declares Cyber War

Photo: TheDigitalArtist Pixabay

Weeks before Russia invaded the Ukraine, American intelligence agencies warned that Vladimir Putin was planning state-sponsored cyber operations around the world against critical infrastructure. Targets include Defense, Energy, Governments, Healthcare, and Telecommunications. The Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and National Security Agency issued a joint Cybersecurity Advisory outlining the threats and for the global community to adopt a proactive, heightened state of awareness.

The CSA overview served to highlight the risks and list strategies to assist with detection, mitigation and incident response. The advisory noted in the technical details, “Historically, Russian state-sponsored advanced persistent threat actors have used common but effective tactics—including spearphishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—to gain initial access to target networks.” A reward of up to $10 million may be offered for information about Russian cyber operations targeting U.S. critical infrastructure, an example of how seriously CISA, the FBI, and NSA are taking the threat.

How it started?

On February 24, 2022, as Russia launched a large-scale attack on the Ukraine, CISA issued another alert about a group of Iranian government sponsored APTs known as MuddyWater, a subordinate element within the Iranian Ministry of Intelligence and Security. The group was observed “Conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America.”

The eve of the invasion came with a dire warning from President Putin, translated into English, “To anyone who would consider interfering from the outside – if you do, you will face consequences greater than any you have faced in history.” Of course, the world has good reason to take the threat seriously.

Just days before the physical assault came a pre-emptive virtual strike, with distributed denial of service attacks on Ukraine’s government websites, foreign ministry, state security services and banks. Ukraine’s defense ministry and major banks were hit with DDoS attacks the week before, with limited impact.

How it’s going?

“The war [in cyberspace] is underway and unfolding very intensively,” the Russian Foreign Ministry’s international information security director said in December 2021. “The media rightly says that this [is] a Third World War, and what matters now is to calculate the damage and determine who will lose it in the end and what shape the world will eventually acquire as a result of this war.”

A botnet malware dubbed Cyclops Blink is being used by the notorious Sandworm hackers, a destructive threat group that has been working with the Russian military to exploit vulnerabilities in firewalls and infect networks to gain remote access. Systems may then be used as a conduit to conduct additional attacks elsewhere, as the point of entry may not be the primary target.

Such strategy may well have been underway for months if not years. The US Energy Secretary noted, “Experts believe that Russian hackers trying to bring down part of the U.S. grid would probably enter via a side route — breaking into a major energy provider’s networks by infecting a software update from a less secure company.”

Another weapon in the Russian war machine cache is misinformation. Putin’s propaganda tactics have been a hallmark of his political career. Social Media has been infiltrated by Russian troll farms to wage political warfare on his adversaries. Russia was accused of spreading fake news through troll factories, swaying the US Presidential election in favour of Trump, confirmed by former FBI Director Robert Mueller when he investigated the alleged Russian interference in the 2016 election.

When the Kremlin invaded Crimea, Ukrainian journalist and political analyst, Mykola Riabchuk, said the Russian hype had evolved into a full-fledged information war. Riabchuk wrote, “Three major narratives emerged that can be summed up as “Ukraine’s borders are artificial”, “Ukraine’s society is deeply divided”, and “Ukrainian institutions are irreparably dysfunctional.” To put it simply, Ukraine is a failed state (“not a country”) . . . and it, therefore, needs external, apparently Russian, guardianship.”

Putin’s deceptive attempt to rationalize his attack on Ukraine was characteristic, according to one criminal justice professor who was quoted as saying, “This is one of those times where we can expect Russian troll farms to be heavily active in an attempt to either depict a narrative that fits the notion that they’re a peacekeeping force, or that there’s false flag events that have occurred that justify their presence there or the use of serious violence against civilians or anything else.”

Ukraine responded to the cyber threats by asking the hacker world to come to its aid. Just as the country has built a strong resistance from within to defend against the military attack, volunteers have rushed in to answer the call to strike back at Russian targets online. An IT army with thousands of hackers have already answered the call within a matter of days. Elon Musk assisted the effort by activating Starlink satellite service over Ukraine.

Hacktivists took over Russian TV stations to broadcast footage from the front lines, thwarting the state efforts to control the narrative, which likely fuelled the increased number of protestors who risked arrest by defiantly demonstrating against the invasion of their neighbours. Russian media sites were hijacked to be replaced with a tombstone bearing the number of reported Russian troop casualties.

How to be prepared?

With the potential for anyone to become a victim if Russia retaliates with a global cyber conflict, now is the time to be extra vigilant with your online behaviour.

Know that governments are focused on keeping critical infrastructure safe in this heightened state of crisis. This means being aware is important but there is no need to panic. Arm yourself with trustworthy information and don’t amplify baseless reports.

Myntex recommends several methods to keep your digital vectors safe from attack. Start with some basics, like ensuring your system updates are handled promptly to patch developer vulnerabilities. Implement multi-factor authentication wherever possible. Practice cybersecurity common sense by staying apprised of phishing attack techniques and other means of infiltration used by threat actors. Ensure your service provider secures the servers you rely on with DDoS protection. In these uncertain times, it is wise to have a plan to remain operational in the event of a cyber-attack, such as ransomware.

The best way for business to secure mobile devices is to remove the risk from online browsing and to use end-to-end encrypted communications to safeguard your privacy. Don’t trust free apps, you’ll be giving away your personal data when you agree to their terms of use. If you’re not paying for the product, you become the product.

While the implications for a growing cyber-conflict are real, it is encouraging to note the world is standing guard against attacks, which have yet to materialize at the time of writing this post.