The problem with mobile device security today

Smartphones and laptops are two of our most personal devices. We generally use our laptops in the office or at home and we regularly switch them off when we are not using them. Smartphones however, are a different kettle of fish. We basically always keep our smartphone on and we carry them EVERYWHERE like an attached limb. The problem is that smartphones contain more of our most precious personal information than any of our closest friends or even our most intimate relatives.

Unfortunately, most smartphones and laptops were never designed with security or privacy front of mind. Mainstream consumer electronics generally priorities user-experience at the expense of security and the right balance has not yet been struck. With the advent of new technologies like mobile payments and cryptocurrency, smartphones have become an even more valuable target for malicious actors.

In the 21st century all data communicated online is saved in some capacity. This includes any sensitive data you can think of personal, financial, work related etc. Cyber-criminals have never been presented with greater opportunity to steal valuable information than what is available today. Smartphones and laptops offer an open platter for financial-stealing malware, ransomware and other cyber-threats that target our data.

Problematically, many of the Apps we download today harvest more information than they need (like the Flashlight App that needs access to your contacts book). In fact, Apps have been specifically developed to capture as much personal data as possible. Another issue with modern smartphones is that they do so much. Thanks to a hyper-competitive marketplace there’s a constant race to add more and more features without properly exploring the security implications. In turn, security often lags behind with the ramifications only realised after the fact. In today’s climate, for a determined attacker it is relatively easy to hack a mainstream device and obtain its data.

Software alone will not sufficiently protect the information on your smartphone

The issue with smartphones is that they are just as vulnerable to hackers and malware as PCs but are much harder to protect. What’s more, the cyber and information security community has been slow to explore and develop adequate mobile security mechanisms. The shift of focus from PC toward the mobile space has only happened recently so there are many vulnerabilities.

Whilst there have been a few attempts to tighten up smartphone security — like the introduction of End-to-End encryption on some widely-used messaging apps such as WhatsApp, WeChat — not enough is being done to protect your information and privacy. While an App might be secure, it has little bearing if you’ve already been tricked into downloading a piece of malware that’s sending screen captures of your messages or recording your calls. If someone really wants to spy on your communications, secure software alone will not be enough to protect you. A malicious actor could hack into the Baseband Processor, open the microphone and listen to your conversation before it is encrypted.

In order to prevent such attacks, smartphones must be secure not just from outside but also from inside the low levels of the phone’s internal systems. This is something that can only be achieved ONLY through hardening the operating system itself. As such, developing a complete phone from scratch is the best way to sufficiently protect from malicious actors. The same level of security cannot be achieved through application development alone.

How Blockchain technology can improve smartphone security?

At SIRIN LABS, we believe that Blockchain technology will reshape the way our Identity and our Information is handled on smart devices and over Digital Communication Channels (such as 3G/4G, WiFi and Bluetooth).

The R&D Team at SIRIN LABS is developing ‘BlockShield’ — a next-generation security system that will protect the users of SIRIN LABS’ upcoming mass-market consumer electronic products from cyber attacks.

For ‘BlockShield’, SIRIN LABS is exploring multiple protection layers that are built on top of a Blockchain and are integrated across multiple levels of security. Below are some example of how Blockchain may enable more secure smartphone security.

Cryptographically Secure Digital Identity for Users, Devices and Accessories

SIRIN LABS is proposing to leverage Blockchain technology in combination with a Digital Signature Identity to authenticate Users, Devices (e.g. Smartphone, PC or Laptop) and Accessories.

In addition, any suspicious activities such as failed sign-in attempts and illegal software and firmware updates are recorded into a logging system held on an immutable, distributed ledger.

Tamper Proof Software

The R&D team at SIRIN LABS are exploring several mechanisms to protect against malicious tampering of the sensitive Core System Software that powers SIRIN LABS devices. Such mechanisms would validate the authenticity of Software Updates that are issued both Over the Air (OTA) and manually.

During software updates, the firmware signature is validated against a Blockchain-backed registry. Any attempt to modify the Core System Software is detected and results in immediate rejection of the attempt to install the illegal update.

Controlled Supply Chain

We intend to use blockchain to protect the integrity of the supply chain of the sensitive components (camera, touch, fingerprint, storage etc) of SIRIN LABS devices until they arrive to the assembly line. This will protect against malicious actors injecting hardware-based malware into the critical hardware components of SIRIN LABS products. By augmenting a tag containing the origin, place of storage and authenticity to each electronic component that and storing it on a immutable ledger we can maintain total integrity and traceability of the supply chain. Indeed, this is not exclusively a SIRIN LIBS idea but something that is being explored within the supply chain and logistics community, you can read about it here.

SIRIN LABS

SIRIN LABS mission is to bridge the gap between the mass market and the Blockchain economy by producing consumer electronics with an incredible user experience whilst maintaining a high level of security. SIRIN LABS smartphone has been specifically designed for the Blockchain era, containing a built-in cold storage cryptocurrency wallet, P2P resource sharing mechanism, Decentralized application store and more.

SOLARIN, SIRIN LABS’ first product, is considered the most secure smart-phone launched to the consumer market. SOLARIN was built with State-Of-the-Art Hardware and Software Mobile Security Technology, 24/7 Cyber Protection, and a Private Zone for completely Encrypted Calling and Messaging capabilities. Many of the learnings garnered from the development of SOLARIN will be applied to SIRIN LABS Blockchain smartphone.

With the value and usage of cryptocurrencies growing exponentially the need for secure storage mechanisms of crypto-assets is becoming more and more important. Further, the immense quantity of personal information being stored on smartphones presents great risk to users, who are beginning to understand how vulnerable their information is. SIRIN LABS’ products will take a giant leap in smartphone security and enable the safe storage of your cryptocurrency and personal information.

The SIRIN LABS team,

www.sirinlabs.com

Telegram: https://t.me/sirinlabs