Protecting the mobile ecosystemTuesday, October 03, 2017
As technology evolves, so too do the threats against it; mobile devices and the Internet of Things are now prime targets for cyber-attacks. How are security solutions keeping pace?
The advent of internet banking and online shopping profoundly changed the rules of commerce, giving customers the option of buying an item with just a simple click, instead of waiting in a physical checkout line.
But now, even that is old hat. These days, more and more people are paying bills, transferring funds and buying groceries right from their mobile phones, perhaps even before rolling out of bed in the morning.
This convenience comes at a price. With their near-universal penetration and tempting treasure troves of personal data, mobile devices are fast becoming prime targets for hackers and malware developers.
Mr Chong Chee Wah, founder and CEO of TreeBox Solutions
“Mobility will be a critical enabler in the future for both our personal lives and our work—already we can't imagine leaving the house without a mobile phone,” says Mr Chong Chee Wah, founder and CEO of TreeBox Solutions, a SGInnovate-invested company, which develops mobile security solutions for businesses and government agencies.
Yet, mobile security measures have not kept pace with the increasing volume and sophistication of today’s threats. “For as long as people need to share information, there will always be security concerns,” adds Mr Chong. “Mobile security is thus becoming increasingly important.”
Message received loud, clear and secure
Most people wouldn’t think twice about discussing work-related matters over mobile messaging applications—after all, we already use them to organise just about every other aspect of our lives. But conducting company business over third-party applications can leave sensitive information on unprotected servers, as well as on the mobile phones of employees even after they leave the company.
To allow employees to communicate in a secure fashion, TreeBox developed OnTalk®, a WhatsApp-like application with military-grade security that protects messages, voice calls, conference calls and files on mobile devices. As Treebox’s flagship product, the application also allows companies to maintain a secure contact list, and ensures that sensitive information stays on companies’ own trusted platforms.
Our solution is designed with multiple layers of protection, which makes it extremely difficult for malicious attackers to compromise it,” explains Mr Chong. “To maintain our security positions, we constantly have our solutions certified by the best independent security firms in the world, ensuring that we are up-to-date against the latest attacks.
Going forward, developers must continue to build multi-faceted, multi-layered mobile security solutions, he adds. “One of the biggest challenges in mobile security is the constantly growing number of mobile platforms, which makes it difficult to protect them all. Further, the use of mobile devices is very broad, making protection even more challenging.”
Virtual machines, real security
In addition to messaging, robust security protections are also essential elsewhere on your mobile device. They are needed, for example, in mobile banking applications, which require users to enter personal information, PINs and passwords.
But while ATM and credit cards use physical smart card chips—microprocessors surrounded by a tamper protection layer—as a security feature, there was no equivalent for mobile applications, says Mr Joseph Gan, co-founder and president of V-Key, a mobile security company based in Singapore.
“We wanted to build a secure software solution that could be used by any mobile application on any mobile device; we didn't want to have to depend on hardware or on the phone manufacturers to provide the security,” he adds.
V-Key’s V-OS, a secure software solution that could be used by any mobile application on any mobile device
V-Key’s solution: a virtual smart card chip known as V-OS—essentially an extremely well-protected virtual machine that provides secure processing and tamper protection for mobile applications.
The system’s security lies in its fundamental architecture, which tightly interweaves protection mechanisms into the virtual machine. “The virtual machine cannot be broken without first bypassing the protection mechanisms, and vice versa,” says Mr Gan. “We thus get a very strong interlocking set of protections in our system.”
Using a software development kit that V-Key provides, the company’s customers—banks, government agencies and payment companies, for example—can build V-OS right into their mobile applications. “As the end-user, you don't even need to know that it’s there. Our objective is to help our customers make the user experience as seamless and convenient as possible,” says Mr Gan.
The internet of threats
Mobile devices are also increasingly being used to communicate with a host of other gadgets—sensors, cameras, thermostats, appliances and other ‘smart’, connected devices, collectively known as the Internet of Things (IoT). An industrial facility, for example, may contain thousands of smart sensors, each one a potential hacking target.
Ms Karachach Sadybakasova, founder of Singapore-based start-up of IoTsploit
“As soon as you connect your smart device to the internet, it becomes a target for botnets that spread malware,” says Ms Karachach Sadybakasova, founder of Singapore-based start-up IoTsploit, which develops security solutions for industrial IoT systems.
“One of the urgent challenges in cybersecurity is realising that a smart machine embedded into something as trivial as a door lock, toy or lightbulb is actually a small computer with security implications. Recycling passwords and leaving default configuration settings in place is an open invitation to be hacked and exploited,” she adds.
Ms Karachach Sadybakasova, founder of IoTsploit
Many existing cybersecurity solutions rely on methods such as encryption, deception and firewalls, says Ms Sadybakasova. These defensive methods are not only inherently vulnerable and prone to false positives, but also encourage users to develop a weak ‘cyber-posture’—becoming complacent as the solutions run passively in the background.
Instead, IoTsploit develops what it calls ‘offensive’ strategies. “We think of IoTsploit as a superhero hacker that protects smart devices against evil hackers. It does so by automating the job of an elite penetration tester, and scaling it up to cover multiple devices for multiple customers globally,” explains Ms Sadybakasova. “Our key capability is artificial intelligence which grows sharper over time against the bad guys.”
Singapore, with its strong connections to regional and international customers, access to capital and pool of technology pioneers and mentors, is an ideal location for her company, says Ms Sadybakasova. “There are few places in the world that can offer such a winning combination of factors to build a high-impact deep tech business,” she adds.
More opportunities are likely to arise as the country pushes ahead with its smart city ambitions, for which IoT security will be a key priority. “Singapore’s Smart Nation vision leads the way for many global cities and countries in adopting progressive technology, legislation and policies,” says Ms Sadybakasova. “We position ourselves as partners in the national drive for smart technology-based solutions, and are talking to Singaporean businesses about securing and improving their industrial solutions.”
At the end of the day, cybersecurity is perhaps less about the solutions themselves, and more about what we can do with them in place. “I think security is important not in and of itself, but because of what it enables—with security, our customers are able to create a true digital experience for their end-users, with a seamless and engaging user experience,” says V-Key’s Mr Gan.
Share This, Choose Your Platform!
You may also like the following:
Data Dialogue: Data Sharing Without Sharing Data
We can’t reap the benefits of AI without access to the right data. In 2016, the world produced 16 ZB of data but only 1% was analyzed. Centralized data exchanges are lack of fair and flexible pricing mechanisms, data providers lose control over their assets, and there is a lack of transparency in how the data is used. This lack of trust is preventing data sharing. How do we solve this? In this session of data dialogue, we are going to dive deep into how data sharing without sharing data could occur.Topics:
Quantum Tech: From Science to Business Applications
How is quantum technology going to change our daily life? Can quantum computers predict our future? What are the possible business applications and how do we prepare for them starting today? We’ll take a deep look into technology – moving from theory to practical implementationTopics:
SGC Business Magazine published an editorial contribution by Steve Leonard on the startup landscape in Singapore. Steve highlighted that while Singapore is helping drive some of ASEAN’s booming digital economy, most startups in Singapore are building businesses around consumer-facing technology. He emphasised the importance for Singapore to create startups that pursue ‘deep tech’ products and how SGInnovate was formed to tackle the challenges faced by these startups such as the lack of investment, the scarcity of talent and the long gestation period for commercialisation.
Australia has officially launched a Landing Pad for its startups in the Southeast Asian city-state of Singapore.