Sikurphone – nejbezpečnější způsob komunikace bez obav z odposlechu citlivých informací

By: Mgr. Petr Duchoslav

Společnost Satomar, distributor vybraných produktů z oblasti komunikačních a informačních technologií, představuje na našem trhu telefony SikurPhone a komplexní platformu Sikur, která představuje nejbezpečnější způsob osobní a firemní komunikace. Toto řešení je určeno pro každého, komu záleží na důsledném uchování svého soukromí.

SikurPhone je samostatný ekosystém bezpečné privátní komunikace mezi všemi zařízeními vybavenými příslušným operačním systémem nebo aplikací s možností propojení i se všemi dalšími mobilní telefony, tablety a počítači. Díky úzké spolupráci se společností Sony jsou základem tohoto ekosystému dva modely smartphonů Sony, na které je nainstalován vlastní operační systém SikurOS založený na Androidu. Ten umožňuje šifrované a zabezpečené spojení splňující nejvyšší bezpečnostní kritéria mezi zařízeními SikurPhone či staršími GranitePhone. Kromě popsaného hardware mohou být díky speciální aplikaci do zabezpečeného systému připojena také další zařízení s operačními systémy Android, iOS či Windows.

Bezpečná komunikace prověřená hackery

Zajištění diskrétnosti spočívá ve vysoce propracovaném a sofistikovaném formátu kódování informací s využitím několika bezpečnostních vrstev. Platforma SikurPhone zahrnuje vlastní zabezpečenou nadstavbu operačního systému Android – SikurOS – která díky propracovanému řešení eliminuje nutnost využívání VPN či firewallu. SikurOS je dostupný buď předem předinstalovaný v sadě s jedním z ověřených mobilních telefonů pocházejících z dílny Sony, nebo pak prostřednictvím aplikace, kterou je možné získat na běžně používaných obchodech Google Play, App Store či na stránkách výrobce sikur.cz. Bezpečná komunikace je zajištěna pouze mezi zařízeními využívající Sikur OS. Samozřejmostí je však zachování všech dalších způsobů komunikace mimo platformu Sikur na smartphonech a počítačích.

Neoddělitelnou součástí SikurOS je také sada ověřených aplikací, jako internetový prohlížeč, e-mailový klient, populární komunikační nástroj WhatsApp, zpravodajská aplikace shrnující nejnovější zprávy z hlavních mediálních kanálů po celém světě a další, s jejichž využitím lze zabezpečit textovou osobní i e-mailovou komunikaci včetně skupinové, sdílení souborů, telefonní hovory i video konference. Po testování a schválení se součástí tohoto nejbezpečnějšího běžně dostupného ekosystému může stát jakákoli další aplikace libovolného vývojového týmu.

Algoritmus šifrování dat i bezpečnost celé platformy SikurPhone byla úspěšně prověřena organizací HackerOne, která ve spolupráci s nejlepšími hackery pomáhá výrobcům ověřit jejich bezpečnostní prvky. Bezpečnost byla prověřena reálným testováním, během něhož nebyly komunikační protokoly prolomeny. Společnost Gartner označila výrobce Sikur jako dodavatele, který má v tomto technologickém segmentu příslušná řešení.

Kryptoměnová peněženka

Nedílnou součástí každého SikurPhonu je i peněženka na kryptoměny. Pokud patříte mezi fanoušky digitálních měn, představuje SikurPhone jednu z nejbezpečnějších možností jejich uložení. Se SikurWallet navíc získáte přímou podporu Bitcoin Testnetu, ideálního nástroje pro testování bitcoinových aplikací napříč platformami.

Dostupnost

Telefony SikurPhone i aplikaci Sikur je možné objednat již nyní na stránkách sikur.cz či prostřednictvím výhradního dovozce a distributora – společnosti Satomar, s.r.o. Cena je stanovena na 19 990 Kč včetně DPH pro model SikurPhone SONY XA1 a 24 990 Kč včetně DPH pro model SikurPhone SONY XZ1. V ceně telefonu je již zahrnuta dvouletá licence pro používání platformy Sikur.

O společnosti Satomar

Společnost Satomar se již desátým rokem zabývá dovozem, prodejem a distribucí mobilních telefonů, tabletů a dalších elektronických zařízení či příslušenství. Za dobu svého působení uvedla na trh úspěšně produkty značek Revogi, Deveroux, Livall, Sunmi, ChatSIM, LCD tablety Ainol či Pipo, elektronické zápisníky Boogieboard, mobilní telefony Cube 1, Cubot nebo Oukitel, dětské hodinky s GPS Abardeen, počítačové příslušenství pod vlastní značkou Beik či minipočítače Remix. Kromě toho se společnost soustředí i na OEM výrobu pro své partnery.

Více: https://www.securitymagazin.cz/security/sikurphone-nejbezpecnejsi-zpusob-komunikace-bez-obav-z-odposlechu-citlivych-informaci-1404061641.html

3 Out of 4 Employees Pose a Security Risk

By: Steve Zurier

New MediaPRO study also finds that management performed worse than entry- and mid-level employees in how to handle a suspected phishing email.

Despite concerted efforts by many US organizations to improve security awareness among users, a new study shows they still have a long way to go.

Some 75% of respondents today pose a moderate or severe risk to their company’s data, according to MediaPRO’s third annual State of Privacy and Security Awareness Report, and 85% of finance workers show some lack of data security and privacy knowledge.

Tom Pendergast, chief security and privacy strategist at security awareness and training provider MediaPRO, says the firm surveyed more than 1,000 employees across the United States to quantify the state of privacy and security awareness in 2018. More people fell into the risk category this year than in 2017 – and that number had nearly doubled since the inaugural survey, he says.

“The overall results revealed a trend we weren’t happy to see, that employees performed worse across the board compared to the previous year,” Pendergast says. “While I think there’s a certain amount of security fatigue from news of all the attacks, if in five years I don’t see significant change I will be surprised. There’s both a cultural a business awareness of the need to do good work in this area.”

MediaPRO based its study on a variety of questions that focus on real-world scenarios, such as correctly identifying personal information, logging on to public Wi-Fi networks, and spotting phishing emails. Based on the percentage of privacy and security-aware behaviors, respondents were assigned to one of three risk profiles: risk, novice, or hero.

Here’s a thumbnail of some other notable findings:

1. Employee performance was worse this year across all eight industry verticals measured. Respondents did much worse in identifying malware warning signs, knowing how to spot a phishing email and social media safety.

More: https://www.darkreading.com/endpoint/privacy/3-out-of-4-employees-pose-a-security-risk/d/d-id/1333037

Sikur turned a Sony smartphone into a cryptocurrency vault

By: Stan Schroeder

If you need to carry a substantial amount of cryptocurrency on you at all times, but you just don’t trust the average smartphone, a company called Sikur might have a solution.

On Wednesday, Sikur launched the SIKURPhone, a customized variant of a Sony smartphone, its Android enhanced with the secure, crypto-oriented SikurOS software.

SikurOS comes with a cryptocurrency wallet and numerous security-oriented features, such as the ability to remotely wipe the device, and Sikur’s own Secure App Store (launching later this year) which should host only vetted and thoroughly checked apps. A security-oriented chat app and browser are also on board.

The phone comes in two flavors: One is based on Sony’s XZ1, a 5.2-inch smartphone with a Snapdragon 835 chip, 4GB of RAM, 64GB of storage, a 2,700mAh battery and a 19-megapixel camera on the back paired with a 13-megapixel selfie camera.

The other is based on Sony’s mid-range XA2, which has a Snapdragon 630 chip, 3GB of RAM, 32GB of storage, a 23-megapixel rear camera, and 8-megapixel selfie camera, and a 3,300mAh battery.

Neither of these devices are particularly new — Sony launched two more XZ-series flagships after the XZ1 — but their specs are still good enough to hold their own against most modern phones.

If you’ve followed Sikur over the past couple of years, this launch is probably quite confusing. The company’s original SIKURPhone, launched in February 2018, had both its hardware and software built by Sikur. Now, the company appears to have pivoted to building only software which it will deploy on phones made by other manufacturers.

More: https://www.yahoo.com/news/sikur-turned-sony-smartphone-cryptocurrency-080440484.html

Modifican un Sony Xperia hasta el extremo para que funcione como monedero de criptomonedas

By: Damián García

Seguramente la gran explosión de las criptomonedas y el Blockchain ha pasado ya, pero a pesar de ello muchos usuarios continúan atentos a sus cotizaciones, a su minado o a sus carteras de moneda virtual, lo que continúa atrayendo a algunas compañías que buscan sacar provecho a un mercado poco explorado como este, al menos en cuanto a opciones de smartphones específicamente diseñados para él.

Algún modelo hemos visto con la seguridad por bandera, buenas y no tan buenas ideas para smartphones centrados en las criptomonedas, pero seguramente ninguna tan sencilla como esta de Sikur, una firma de origen brasileño que ha convertido un smartphone Xperia de Sony en una segura cartera para moneda virtual.

Se trata de una solución ingeniosa, que se basa en coger la plataforma solvente como la de un Sony Xperia XZ1 -o un Sony Xperia XA2 según necesidades del cliente-, e instalarle una personalización de software seguro y orientado a la criptografía como SikurOS sobre Android 8.1 Oreo.

 Y así pues, un Sony Xperia XZ1 o un Xperia XA2 se convierten en tu monedero de criptomoneda más seguro, permitiendo que lleves contigo cualquier cantidad de estas criptodivisas sin miedo alguno.

SikurOS transforma el Xperia XZ1 en una cartera de bitcoins súper segura

By: Carlos Martínez

Hace un par de años la compañía Sikurpresentó en la feria Mobile World Congress su solución destinada a los amantes de las criptomonedas. Se llamaba GranitePhone, y no era más que un teléfono con un potente software que lo transformaba en una cartera de monedas virtuales.

La clave se encuentra en el hermetismo de sus desarrolladores, que no permiten la instalación de aplicaciones de terceros que no hayan pasado su criterio, por lo que la seguridad y privacidad del terminal se mantiene intacta, algo que inspira bastante confianza a la hora llevar una cartera virtual en el propio terminal.

La reputación del sistema operativo empezó a crecer, y tal es el respeto que existen en este nicho de seguridad extrema que han conseguido convencer a Sony para que den vida a los nuevos terminales de la marca. El resultado es un Xperia XZ1 modificado por software, ya que mantiene las especificaciones de siempre con el Snapdragon 835, 4 GB de RAM y 64 GB de capacidad, pero en su lugar se incluye SikurOS como sistema operativo.

También existe una versión más económica (aunque por ahora no se han detallado los precios), ya que se basa en el Xperia XA2, de nuevo con las mismas prestaciones que el original, con pantalla de 5,2 pulgadas IPS, Snapdragon 630, 3 GB de RAM y 32 GB de capacidad.

Más: https://www.movilzona.es/2018/10/04/sikuros-xperia-xz1-cartera-bitcoins/

Sikur Launches Sony-Based Secure Android Smartphones, SikurPhone XZ1 & XA2

By: Alexander Maxham

 

In short: Sikur has announced that its SikurOS is now compatible with all Android smartphones, and it is also launching two highly secure smartphones that are based off of Sony’s more popular devices – the Xperia XZ1 and XA2. In fact these smartphones, even share those names as well. With the SikurPhone XZ1 and SikurPhone XA2. The hardware is the same as when Sony debuted these smartphones back in 2017, the only difference is the fact that it runs on Sikur’s highly secure Android software. Both of these devices have “several layers” of security, and it also has a pretty locked down app store. You cannot install third-party apps using the Unknown Sources feature that you would find on other smartphones. There are very few apps that are compatible with Sikur’s software. Sikur also has a cryptocurrency wallet, so if you are the type that owns some cryptocurrency, the SikurPhone is going to keep it nice and safe and away from hackers.

Critical MacOS Mojave vulnerability bypasses system security

By: Michael Archambault

With the launch of a new version of macOS from Apple typically comes a culmination of new features, better performance, and enhanced security. Unfortunately, the previous statement might not necessarily be true as security researcher Patrick Wardle, co-founder of Digita Security, has discovered that MacOS Mojave includes a severe security flaw; the bug is currently present on all machines running the latest version of macOS and allows unauthorized access to a users’ private data.

Wardle announced his discovery on Twitter, showcasing that he could easily bypass macOS Mojave’s built-in privacy protections. Due to the flaw, an unauthorized application could circumvent the system’s security and gain access to potentially sensitive information. With the Twitter post, Wardle also included a one-minute Vimeo video showing the hack in progress.

The short video begins with Wardle attempting to access a user’s protected address book and receiving a message that states the operation is not permitted. After accessing and running his bypass program, breakMojave, Wardle is then able to locate the user’s address book, circumvent the machine’s privacy access controls, and copy the address book’s contents to his desktop — no permissions needed.

Wardle is an experienced security researcher who has worked at NASA and the National Security Agency in his past; he notes that one of his current passions is finding MacOS security flaws before others have the chance. While it is unlikely Wardle will release the app as a malicious tool, he does want to spread knowledge of its existence so that Apple addresses the issue in a timely fashion.

More: https://www.digitaltrends.com/computing/macos-mojave-vulnerability

 

Researcher devised a new CSS & HTML attack that causes iPhone reboot or freezes Macs

By: Pierluigi Paganini

The security researcher security researcher Sabri Haddouche from Wire devised a new CSS attack that causes iPhone reboot or freezes Macs.

The security researcher security researcher Sabri Haddouche from Wire devised a new attack method that saturates Apple device’s resources and causing it crashes or system restarts when visiting a web page. The experts discovered that iOS restart and macOS freezes when the user visits a web page that contains certain CSS & HTML.

Depending on the version of iOS being used, the bug could trigger the UI restart, cause a kernel panic and consequent device reboot.

This attack leverages a weakness in the -webkit-backdrop-filter CSS, for this reason, it affects all browsers on iOS that leverage on WebKit as rendering engine is WebKit. The weakness also affects Safari and Mail in macOS, but it doesn’t affect Linux and Windows systems.

“The attack exploits a weakness in the –webkit-backdrop-filter CSS property,” Haddouche explained to BleepingComputer. “By using nested divs with that property, we can quickly consume all graphicresources and crash or freeze the OS. The attack does not require Javascript to be enabled therefore it also works in Mail. On macOS, the UI freeze. On iOS, the device restart.”

More: https://securityaffairs.co/wordpress/76228/hacking/css-attack-iphone-reboot.html

Cyber attacks cost German industry almost $50 billion: study

By: Reuters

(Reuters) – Two thirds of Germany’s manufacturers have been hit by cyber-crime attacks, costing industry in Europe’s largest economy some 43 billion euros ($50 billion), according to a survey published by Germany’s IT sector association on Thursday.

Industry association Bitkom surveyed 503 top managers and security chiefs from across Germany’s manufacturing sector, and found the small and medium-sized companies that are the economy’s backbone were particularly vulnerable to attacks.

“With its worldwide market leaders, German industry is particularly interesting for criminals,” Bitkom head Achim Berg said in a statement, urging companies to take cyber-security more seriously and invest commensurately.

German security officials have long been sounding the alarm about the risk of well-resourced foreign spy agencies using cyber attacks to steal the advanced manufacturing techniques that have made Germany one of the world’s leading exporters.

The survey identified risks across the spectrum, with a third of companies surveyed reporting mobile phones had been stolen and a quarter saying they had lost sensitive digital data.

More: https://mobile-reuters-com.cdn.ampproject.org/c/s/mobile.reuters.com/article/amp/idUSKCN1LT12T

Tesla Model S Hack Could Let Thieves Clone Key Fobs to Steal Cars

By: Mohit Kumar

Despite having proper security measures in place to protect the driving systems of its cars against cyber attacks, a team of security researchers discovered a way to remotely hack a Tesla Model S luxury sedans in less than two seconds.

Yes, you heard that right.

A team of researchers from the Computer Security and Industrial Cryptography (COSIC) group of the Department of Electrical Engineering at the KU Leuven University in Belgium has demonstrated how it break the encryption used in Tesla’s Model S wireless key fob.

With $600 in radio and computing equipment that wirelessly read signals from a nearby Tesla owner’s fob, the team was able to clone the key fob of Tesla’s Model S, open the doors and drive away the electric sports car without a trace, according to Wired.

“Today it’s very easy for us to clone these key fobs in a matter of seconds,” Lennert Wouters, one of the KU Leuven researchers, told Wired. “We can completely impersonate the key fob and open and drive the vehicle.”

Tesla’s Key Fob Cloning Attack Takes Just 1.6 Seconds

Like most automotive keyless entry systems, Tesla Model S key fobs also work by sending an encrypted code to a car’s radios to trigger it to unlock the doors, enabling the car to start.

However, the KU Leuven researchers found that Tesla uses a keyless entry system built by a manufacturer called Pektron, which uses a weak 40-bit cipher to encrypt those key fob codes.

The researchers made a 6-terabyte table of all possible keys for any combination of code pairs, and then used a Yard Stick One radio, a Proxmark radio, and a Raspberry Pi mini-computer, which cost about $600 total—not bad for a Tesla Model S though—to capture the required two codes.

With that table and those two codes, the team says it can calculate the correct cryptographic key to spoof any key fob in just 1.6 seconds. To understand more clearly, you can watch the proof of concept video demonstration which shows the hack in action.

More: https://thehackernews.com/2018/09/tesla-model-s-remote-hack.html