Research Reveals iOS and Android Encryption Weaknesses

The Research

iOS has solid encryption and there is no backdoor; hence, your firm’s data is safe under lock and key, correct? Not necessarily. Enlightening new research by cryptographers at Johns Hopkins University (1) has surfaced weaknesses in the iOS and Android encryption schemes. Ironically, in the case of iOS, part of the weakness is related to a security hierarchy which is often unused.

“Apple provides interfaces to enable encryption in both first-party and third-party software, using the iOS Data Protection API. Within this package, Apple specifies several encryption “protection classes” that application developers can select when creating new data files and objects. These classes allow developers to specify the security properties of each piece of encrypted data, including whether the keys corresponding to that data will be evicted from memory after the phone is locked (“Complete Protection” or CP) or shut down (“After First Unlock” or AFU) …

… the selection of protection class makes an enormous practical difference in the security afforded by Apple’s file encryption. Since in practice, users reboot their phones only rarely, many phones are routinely carried in a locked-but-authenticated state (AFU). This means that for protection classes other than CP, decryption keys remain available in the device’s memory. Analysis of forensic tools shows that to an attacker who obtains a phone in this state, encryption provides only a modest additional protection over the software security and authentication measures described above.” (JHU – bold is our addition)

The reality is that most of our iPhones are commonly in “After First Unlock” state because we rarely reboot our phones. To achieve maximum security, we would have to power down our iPhones and authenticate after each use. That is, scores or hundreds of times per day. Otherwise, all data in the AFU state is vulnerable to law enforcement agencies or criminals with the right forensic tools. As the Hopkins researchers noted, “Law enforcement agencies, including local departments, can unlock devices with Advanced Services for as cheap as $2,000 USD per phone, and even less in bulk, and commonly do so.”
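
The protection-class choice described above is made per file through the iOS Data Protection API. The following Swift is an added example, not code from the article or the JHU paper: it reports every file under a directory that is not in the Complete Protection class and shows how to create or move files into that class. The type and function names are hypothetical.

```swift
import Foundation

// Added example (not from the original article). Type and function names are hypothetical.

/// A file whose protection class is anything other than Complete Protection,
/// i.e. one the article describes as having its key available in the AFU state.
struct WeakProtectionFinding {
    let path: String
    let protection: FileProtectionType?   // nil: no protection attribute reported
}

/// Walks `root` (for example the app's Documents directory) and reports every
/// regular file that is not in the Complete Protection class.
func auditProtectionClasses(under root: URL) throws -> [WeakProtectionFinding] {
    let fm = FileManager.default
    guard let walker = fm.enumerator(at: root,
                                     includingPropertiesForKeys: [.isRegularFileKey]) else {
        return []
    }
    var findings: [WeakProtectionFinding] = []
    for case let url as URL in walker {
        let isFile = try url.resourceValues(forKeys: [.isRegularFileKey]).isRegularFile ?? false
        guard isFile else { continue }
        let attrs = try fm.attributesOfItem(atPath: url.path)
        let cls = attrs[.protectionKey] as? FileProtectionType
        if cls != FileProtectionType.complete {
            findings.append(WeakProtectionFinding(path: url.path, protection: cls))
        }
    }
    return findings
}

/// Moves an existing file into the Complete Protection class.
func raiseToCompleteProtection(_ url: URL) throws {
    try FileManager.default.setAttributes(
        [.protectionKey: FileProtectionType.complete],
        ofItemAtPath: url.path)
}

/// Creates a new sensitive file in the Complete Protection class from the start.
func writeSensitive(_ data: Data, to url: URL) throws {
    try data.write(to: url, options: [.atomic, .completeFileProtection])
}
```

Files in the Complete Protection class cannot be read while the device is locked, so any background work that touches them has to handle the read failing.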

“There’s great crypto available, but it’s not necessarily in use all the time,” says Maximilian Zinkus, Johns Hopkins University. The Hopkins researchers also extended their analysis to include the vulnerability of iCloud services and device backups:

In an interview, Apple stressed that its goal is to balance security and convenience. The result: law firms and other enterprises who rely on iOS’ first-party apps (e.g., iOS Mail) may be unknowingly using an encryption scheme which does not meet their requirements.

Device owners may take actions to ensure greater security. Apple Insider cites a few user actions including: Use SOS mode; use the setting which locks iOS devices after 10 failed login attempts; and don’t use iCloud back-ups. But these user-optional mitigations are not adequate for enterprise security, and they don’t address the forensic techniques used to steal data in the AFU state. Enterprises need systematic approaches across all firm-managed devices.

Why Secure Containers Are Needed

Sophisticated attackers and government agencies have a variety of available tools at their disposal to extract sensitive data from a seized or stolen device. The preponderance of evidence shows that law enforcement is largely successful in cracking open a device and extracting sensitive information as needed. Evidence further suggests that these techniques are ported to even the latest iOS versions and devices (take a close look at https://www.grayshift.com/ – they offer the state-of-the-art in device forensics). What can you do to truly protect sensitive data? The built-in capabilities of the operating system are not sufficient.

Secure containers provide an additional layer of encryption by implementing an entirely independent encryption mechanism to protect data. To examine the protection offered by secure container apps, we will refer to our LINK app in this discussion. LINK not only uses its own, independent encryption scheme, LINK also uses its own built-in encryption technology. In other words, the LINK encryption software stands entirely independent from the operating system, regardless of whether that operating system is intact or compromised. As long as encryption keys are protected well, then secure containers can provide the kind of locked-down encryption that law firms want to protect email and documents, which encapsulate a large majority of a firm’s most sensitive data.

LINK’s data protection exceeds iOS in a few significant ways:

  1. LINK is an app, and iOS apps are routinely removed from memory. Hence, while LINK does necessarily keep encryption keys in memory when the app is active, once the app is removed from memory its encryption keys are too. This stands in contrast to iOS’ “AFU” encryption.
  2. LINK allows IT to identify data that is only accessible when the device is online. This makes it awfully difficult to get the encryption keys for that data, especially once the device has been identified as lost or stolen and flagged for a remote wipe.
  3. LINK’s online encryption keys are really hard to guess. Offline keys are hard to guess too, as long as your organization uses complex A-D passwords. Online keys are not derived from a user’s passcode or even a user’s A-D password. LINK’s encryption keys are derived from randomized 32-character strings that are generated on the LINK servers using entropy available on the server. Brute-forcing the key derivation is unlikely to work, which means an attacker would have to compromise the LINK Controller that sits safely inside our customers’ networks, then break the encryption scheme protecting sensitive data stored in our Controller database. Getting LINK data is a lot more complicated than stealing or seizing a mobile device.
  4. LINK aggressively limits the amount of data available on the device, online or offline. We do so by simply expiring away data that sits unused on the device. This is a really simple way to limit exposure without much practical impact on a user. Users can always go back to their email (via search) or to the document management system to find what they were working on. There is no practical reason to store lots of old, unused data on a device that is easy to steal and, as it turns out, compromise once stolen.
  5. LINK’s data is useless when obtained from an iCloud backup or a local backup to a Mac device. LINK’s encryption keys are never backed up. An attacker’s best hope is to brute force both the iOS device passcode and the user’s A-D password before IT notices that the device is lost or stolen. This is incredibly difficult to accomplish given Apple’s built-in protections against brute-forcing passcodes and given a reasonably complex, hard-to-guess A-D password.
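
Points 1, 3 and 5 above describe a key that is derived from a server-issued random string, held only in app memory, and never backed up. The following Swift is an added example of that pattern, not LINK's code: HKDF-SHA256, AES-GCM, the salt parameter and all names are assumptions, since the article does not name the algorithms LINK uses.

```swift
import Foundation
import CryptoKit

// Added example (not LINK's code). HKDF-SHA256, AES-GCM and every name below
// are assumptions chosen to illustrate the pattern the article describes.

enum ContainerError: Error {
    case locked       // no key in memory: only ciphertext is reachable
    case sealFailed
}

final class ContainerSession {
    // Held only in process memory. It is never written to disk, the Keychain
    // or a backup, so it disappears when the app is removed from memory.
    private var key: SymmetricKey?

    /// `serverSecret` stands in for the random 32-character string generated on
    /// the server; it is assumed to arrive over an authenticated channel while
    /// the device is online. `salt` is a per-device value (assumption).
    func unlock(serverSecret: String, salt: Data) {
        let ikm = SymmetricKey(data: Data(serverSecret.utf8))
        key = HKDF<SHA256>.deriveKey(inputKeyMaterial: ikm,
                                     salt: salt,
                                     info: Data("container-file-key".utf8),
                                     outputByteCount: 32)
    }

    /// Drops the only reference to the key, for example when the app leaves
    /// the foreground or the device is flagged as lost.
    func lock() {
        key = nil
    }

    /// Encrypts independently of the OS protection class of the file that
    /// will hold the result. Output layout: nonce || ciphertext || tag.
    func seal(_ plaintext: Data) throws -> Data {
        guard let key = key else { throw ContainerError.locked }
        guard let blob = try AES.GCM.seal(plaintext, using: key).combined else {
            throw ContainerError.sealFailed
        }
        return blob
    }

    /// Decrypts and authenticates a blob produced by `seal`.
    func open(_ blob: Data) throws -> Data {
        guard let key = key else { throw ContainerError.locked }
        let box = try AES.GCM.SealedBox(combined: blob)
        return try AES.GCM.open(box, using: key)
    }
}
```

After `lock()` the device holds only ciphertext, so `open` throws `ContainerError.locked` until the secret is fetched again.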

The JHU research simply reminds us that Apple’s interests diverge widely from those of an individual law firm. Apple has to balance the needs of law enforcement and users to make data accessible while still providing a reasonable degree of protection. Law firms’ best interests lie in maximally protecting data against unauthorized access. In order to achieve this latter goal, Apple’s built-in technology simply won’t suffice.

-Seth Hallem

Seth Hallem is the CEO, Chief Architect, and Co-Founder of Mobile Helix, makers of the LINK App. With LINK professionals can review, annotate, compare, and email files, as well as use the firm intranet, using a single secure container app. www.mobilehelix.com


References:

  1. “Data Security on Mobile Devices,” Maximilian Zinkus, Tushar M. Jois, and Matthew Green, Johns Hopkins University.
  2. “How Law Enforcement Gets Around Your Smartphone’s Encryption,” Lily Hay Newman, Wired.
  3. “Many iOS Encryption Measures ‘Unused,’ Say Cryptographers,” Hartley Charlton, MacRumors.
  4. “Apple encryption is a balance between user convenience and total security, new study shows,” Wesley Hilliard, AppleInsider.

Phishing Never Takes a Holiday

No. I’m not referring to the now infamous GoDaddy employee $650 holiday bonus email. Employees who responded to the email with the requested information were later informed that they had failed the company phishing test. If you have not yet read that dispiriting story, it’s here.

I am referring to this charming email which I received this morning.

Phishing Email and Fish
Phishing Email from “noreply@freeinvoice.it”

It is from: “Mobilehelix passwordexpiration.”

Presumably, that would be warning enough for your employees to hit the “Delete” button posthaste.

If not that, then maybe those over-sized blue bands which overlap the line below would be a tip-off.

(I have obscured the recipient’s email address.)

This is a very good opportunity for me to show you a security feature in our LINK App. When you open an email in LINK you will always see the alias and below it the sender’s email address. You don’t have to tap or do anything else to display the email address. It’s there.

In this case the alias is the aforementioned, “Mobilehelix passwordexpiration.”

And the email address is, “noreply@freeinvoice.it.”

If your employee were uncertain as to whether to hit that “Delete” button, I think that seeing that the email is from “noreply@freeinvoice.it” would be the icing on the cake. This email is definitely not from the company IT department. Delete.

We are serious about security at Mobile Helix. Much of what we build into the LINK system, such as certificate-based device registration in the new user registration process, is behind the scenes. It’s invisible to your employee and works in the background.

But this security feature is designed to help your employees to be watchdogs for senders with devious intentions. 90% of organizations experienced targeted phishing attacks in 2019. Humans are the weakest link. This is one simple tool to help all of us to be vigilant.

-Maureen

Originally published in LinkedIn on December 28, 2020

Home Screen: Grid or List Mode

We are updating the LINK App User Interface, starting with the Home, My Files, Settings, and Login screens. We are redesigning to give you a more polished and consistent appearance throughout LINK as well as to provide improved ease of use.

LINK’s new User Interface is lighter and in keeping with contemporary iOS and Android apps. LINK is now using the OS “system colors” so that features like Dark Mode will be supported in LINK.

Now users may choose their preferred home screen layout, per device. In Settings, select the familiar Grid mode with rows, or the new List mode. List mode is especially useful on a phone so that you can scroll through your apps.

In the LINK Controller the LINK Administrator may set view mode defaults

  • Always use Grid Mode
  • Always use List Mode
  • Grid Mode on Tablets; List Mode on Phones

Users can always override the defaults by using the Settings tab on the Home screen.

Grid View on iPad
List View on iPhone

Go to the Home screen Settings tab to:

  • Select Grid or List Mode
  • Select a default app in LINK. For example, to have LINK open directly to DMS or Email.
User Settings
User Settings: Default App and Grid or List Mode
Example of all four options on a phone. The same four options are available on tablets.

We are excited to roll out to you these new enhancements in LINK.

More to come!

Maureen

LINK App: New – List All Files

Here is another fantastic feature request from a LINK user.

Sometimes you need a list of every file in a folder or even in a Workspace in iManage Work or NetDocuments DMS. Search may not help as you don’t know exactly what you are looking for. Now in LINK you can create the list, annotate it, then Air Print, email, import to iManage or NetDocuments, or save in LINK to My Files.

To create the list, tap the ellipsis icon to the right of any folder or Workspace. Tap “List All Files.”

The list is displayed.

To annotate, tap the Paper & Pencil icon and mark away.

After annotating, you can use the icons in the lower right to Air Print, email, import to iManage, or save in LINK to My Files. Or, tap the X in the upper left to get a succinct menu with options to import, email, or save to My Files.

Don’t you love it? 🙂

-Maureen

LINK App: New Editor in our 3.8 Release

LINK now has a new rich text editor. We think that you will like the look of the new User Interface. In addition, the new editor provides a much more comprehensive set of editing tools.

New Font & Page Format Tabs

The new editor has four major formatting tabs:

  1. Font Formats, shown above
  2. Page Formats, shown above
  3. Insert “+”, for inserting hyperlinks, tables, special characters
  4. Undo

Also, now when Send-and-File is on, the Envelope icon is green. Tap the Envelope icon to toggle Send-and-File on and off per email.

This new editor component is used to:
• Compose emails
• Compose calendar event bodies
• Compose Outlook notes
• Compose Outlook task bodies
• Create HTML notes that are saved directly in a mobilized file system (e.g., DMS or SMB shares)
• Create signatures in email settings

One of the things that I like about our new editor is that its behavior feels a lot like Word. Since we have muscle memory for Word, it’s a natural feel.

Let us know what you think!

-Maureen

LINK App: Send-and-File to DMS

We are receiving more and more requests to Send-and-File to iManage and NetDocuments. Our LINK app has done this for years.

Filing email to DMS is becoming important from a governance perspective. Not only do law firms want emails to be accessible in DMS with the Matter, but some law firms also want to reduce the risk of years of email in Outlook. One of our law firm customers deletes all email at the 90-day mark. Truly. Another firm archives all email after 90 days. Retrieving email from the archive is possible but time-consuming. Therefore, filing to DMS becomes more attractive to attorneys.

Even without such law firm email policies, filing email to the Matter is increasing. The key is that filing to DMS needs to be easy.

But Send-and-File on mobile devices is rare. It requires a tight integration of DMS and Email, as well as comprehensive security to protect confidential client data. LINK provides both the easy workflow and the security. Draft the email, tap Send, then tap a Recommended, Recent, or DMS folder to file.

LINK has predictive filing, too. LINK learns where you file a certain correspondent’s email and will show you Recommended, Recent, and DMS folders. In many cases you can file to one of these folders with a single tap.

New in LINK, the attorney can now go to the LINK email settings to turn Send-and-File on or off by default. The attorney can also toggle Send-and-File off and on, per individual email by tapping the envelope icon in draft email. When the envelope is green, Send-and-File is on.

Send and File Setting in LINK

Watch this brief video to see all of LINK’s Send-and-File features.

If you have questions, just write to us at: contact at mobilehelix.com. We’re ready to help you.

Learn more about LINK’s encryption, authentication, and secure container in this 5-minute video: LINK’s Security and Data Protection.

-Maureen

IRM Master Class at ILTA>ON

Learn about Information Rights Management – what it is and how it is implemented – on Wednesday, 8/26/2020, at ILTA>ON.

Our CEO and Chief Architect, Seth Hallem, will be presenting an educational Master Class on using Information Rights Management to prevent data leakage at ILTA>ON. Note: this is an educational session, not a promotion of our LINK app.

What You Will Learn

What is Rights Management? This class will dive into what rights management is, how it works, and who the major providers are. The introduction to the class will discuss the goals of Information Rights Management, what specific security problems IRM solves, and some of the major challenges IRM presents, particularly focused on how to navigate the trade-off between protection and practicality with IRM technologies.

Microsoft (Azure) Information Management: We will then spend the second portion of the class diving into Microsoft’s Information Protection (formerly known as Azure Information Protection) technologies, how those are implemented both on-premise and with Azure, and how they work for documents and emails. In this section we will dive into the architecture of Microsoft’s Information Protection, the benefits/disadvantages of this architecture, and how this particular implementation fulfills the security promises of IRM outlined in part 1.

Challenges with IRM: We will also dig into the challenges with IRM, and why IRM has not yet become a standard requirement for a secure enterprise. The class will conclude with a step-by-step outline for how to get started with Microsoft Information Protection. The goal of this section is to provide enough hands-on details to allow the attendees to get started down the IRM path with a clear vision of how it works, how to get started, and how to manage the trade-offs between security and flexibility based on the protection requirements for a particular client or matter.

When: Weds., August 26, 2020 at 11:30 AM – 12:30 PM CT / 5:30 – 6:30 PM BST

Where: ILTA>ON Registrants will join via Zoom

Bonus: All attendees will be entered in our drawing for a $200 Amazon Gift Card.

Recording: If you would like a link to the recording after Aug. 26th, email me at contact@mobilehelix.com or request it via the ILTA>ON platform.

-Maureen

LINK App: New Safari Button

Here is a great new feature in LINK which I use several times a day. When you open a web page in the LINK app using LINK’s browser, you can now tap the familiar Safari button to open the page in the device’s Safari browser.

You can open a link in an email, or in a document, or from an application page, then tap the Safari button to open the page outside of LINK. Here is an example.

Tap on link in Email
Opens in LINK’s browser
Tap Safari Button
Opens in Safari
Tap on “Link” to return to LINK app

I use the Safari button when I receive a link to an uncommon video conference or signature service (we test the popular ones in the LINK browser), or when a page is not rendering correctly. I also use the Safari button when I want to read something, but not now. I open it in Safari. It stays open in Safari. Then I can go back to LINK and continue working.

Sound good? Here are other benefits of the Safari button:

  1. Safari is where you do your personal browsing. If you are logged in to nytimes.com, for example, those cookies are cached in Safari. If you click a hyperlink in Link, your cookies/password manager are not available to you. Better to just browse in Safari.
  2. The LINK browser routes all traffic through your office network. The Safari button allows you to move all personal web browsing into your personal browser. This (a) keeps your work network safe, and (b) prevents web proxies that your company establishes from intercepting and monitoring your traffic. It is a simple matter of employee privacy – you should always have the ability to keep your personal business personal.
  3. Native Safari has special capabilities that LINK does not. In particular, Safari has knowledge of all the apps on your device and many sites will use this capability to automatically launch a mobile app, rather than continuing to view a website in the browser. Safari also has a few important features that are not implemented in LINK’s browser. Chief amongst them is WebRTC, which is a protocol for real-time applications like in-browser video conferencing.
  4. IT can control when Link automatically pushes hyperlinks clicked in email to the native Safari browser. For example, IT can configure Facebook links to automatically open in Safari outside of the LINK container.

Have any questions? Let me know at contact@mobilehelix.com.

-Maureen

LINK App: Time and Date Stamps

LINK’s in-app annotation is an attorney favorite. LINK has long had the feature to sign and initial documents. Now we have added stamps for time, date, and time/date. No writing. Just tap to insert a signature and date.

Here’s how to do it on either a smartphone or tablet.

  • From the open document, tap the Paper/Pencil icon in the upper right
  • The annotation menu will appear on the left
  • To add a signature, tap the “J” icon, then tap the signature
  • To add a date, tap the Stamp icon
  • From the Stamps, tap the date, time, or date/time
  • Then position it on the document

That’s literally all there is to it. Now you can email the document or save it to DMS or file storage.

For a quick demo, view this video.

Have any questions or want to see a demo of the LINK app? Email me at: contact@mobilehelix.com.

-Maureen

LINK App Enhanced Email Swipe Menus & VIP Notifications

Let’s face it, Email is vital to our work, but it’s also tedious and time consuming. In LINK we care about features which make Email management more efficient.

LINK’s configurable “Swipe Menus” are one of those features. Here are 3 key things to know about Swipe Menus.

I. Color-Coded: By popular demand, menus are now color-coded per the task.

Inbox Swipe Menus

DELETE: RED

ARCHIVE: BLUE

FLAG: ORANGE

REPLY/FORWARD/FILE: GREY

VIP: RED

READ/UNREAD: BLUE

II. More Options from Either Side

Now you can select any of these options from either Left or Right Slide: Delete, File, Flag, Unread, Forward, Reply, VIP, Archive

There are 3 swipe left options and 2 swipe right options.

III. Settings

From the Inbox, tap the Gear Icon, in the upper right to go to Settings. Select your options. Then Save.

Email Settings from the Gear Icon in the Inbox

Bonus: VIP Notifications

Don’t forget to use your VIP features. You can make any correspondent a VIP by swiping and tapping on VIP. Then in Settings, select a distinct sound for VIP notifications. Learn all about VIP notifications in this video.

I hope that these swipe menus make your life easier!

If you have any questions, please write to me at contact@mobilehelix.com.

–Maureen