What this expensive ‘secure’ phone tells us about mobile hacking

Will a $12,000 phone protect you from mobile malware?

Mobile security is a bit of a misnomer. Few of us can say we’ve been attacked by a piece of malware or have quarantined an actual virus. The odds are stacked against us. Mobile operators like Verizon and Sprint routinely scan for threats, and both Google Android and the Apple iPhone include multiple security measures on their devices, from fingerprint scanners to full encryption.

Yet, there’s a sneaking suspicion that mobile security is a bigger concern. According to one HP report, 67 percent of employees in the U.S. now work remotely. We’re relying on phones more and more. We store sensitive business documents on them and use them to make purchases.

Recently, a malware client called Pegasus appeared in the wild. It uses a fairly predictable attack strategy that’s well known to anyone who has been the victim of a phishing scam. A text message tricks you into responding and installing an app. The malware can then jailbreak your phone, eventually installing a client that can capture data, per Symantec reports.

What can be done? One solution is the Solarin phone from a company called Sirin Labs based in the UK and Israel. It costs £9,500 (or about $12,500). The features on this 5.5-inch phone reveal quite a bit about where mobile security might be heading and the future of mobile hacking.

Warding off the bad guys

The most interesting feature is a switch on the back of the device. When enabled, the Solarin enters a secure mode that encrypts all text messages. There's a "concierge" service that monitors apps and can alert you if there is an issue. The phone uses chip-to-chip 256-bit AES encryption, and the "secure" mode disables all sensors like the GPS chip, Bluetooth, and Wi-Fi.

Another feature has to do with the people communicating with you. If you want to text or call someone from the phone, they have to use the Secure Comm app for Android or iOS.

The high price for the phone -- coupled with these added steps for security -- reveal what it takes to block intruders both now and in the next few years. As Alex Manea, the director of BlackBerry Security at BlackBerry, tells CSO, not securing a phone is a bit like leaving the house with the front door open when you leave. We’re using mobile devices more than ever for not just some of our sensitive information but all of it, including all of our files, contacts, and bank records.

"As phones have gotten more advanced, so have potential vulnerabilities and so the need for secure devices and services is a hot topic again," says Manea.

Alex Manea, the director of BlackBerry Security at BlackBerry

Alex Cline, director of Information Security for Branding Brand, a mobile commerce platform, agreed that the timing is right for addressing security issues, arguing that there are those who have a greater need to address potential attack vectors before their data is compromised.

"Smartphones have become an extension of ourselves and are integral into our everyday lives," says Cline. "For the same reasons we have security systems installed in our homes, we look for mobile devices with the capability to withstand attacks. Those with access to sensitive and valuable information are at higher risk if that data were to be exposed, therefore they look for smartphones that meet a higher threshold for security and privacy."

Expensive phone?

While phones like Solarin show what it might take to deter hackers, the actual phone is not the perfect solution for everyone. Cline says he’s surprised there’s a fingerprint reader, since that biometric access technology has been widely shown as ineffective.

The Solarin also relies on several third parties for their security platform, including Zimperium and KoolSpan, which was also a red flag to Cline who said that could be a non-starter for some. He says the phone uses the Snapdragon 810 processor, which is known for overheating issues. That alone could nullify all security measures if the phone overheats and data is lost.

Of course, there are many other security options. Many Samsung phones use the KNOX encryption platform, but one of the leaders in this space is still BlackBerry. On their PRIV smartphone, for example, there’s an app called DTEK that provides a security score for your device to help you monitor access points. A BlackBerry Certicom cryptographic library on the device protects against brute force attacks. And, the phone costs $550 unlocked.

Future devices

Still, even with all of these options, one thing is sure: Mobile security is going to take some radical steps soon. The fact that the Solarin phone requires that other people communicate with you through a secure app is a sign that there is a user segment that needs this kind of simplicity.

"For executives, the idea of a phone that's so secure when you need it to be that all you have to do is flip a switch is enticing because they don't have to learn much that's new to figure it out," says Seth Rosenblatt, the editor for the security news site The Parallax.

Rosenblatt does express one concern as these types of phones become more common. He says it will always be beneficial to practice what security pros call good "security hygiene" in never opening an attachment on your phone or opening a text from an unknown party.

If expensive phones become the purview of the tech elite or only executives, there’s a good chance some of these security practices -- not to mention using a VPN or complex passwords -- could be relegated to the steps we used to take on our phones. May that never be.

RELATED VIDEO:

This story, "What this expensive ‘secure’ phone tells us about mobile hacking" was originally published by CSO.

Shop Tech Products at Amazon