Sikur’s COO: Hacker diversity essential in securing SIKURPhone

By: Hacker One

German cybersecurity company, Sikur, has high demands for security – its Secure Communication Platform is utilized by governments, corporations, and high-level executives.

In addition, the company just announced a new cryptocurrency wallet for its secure mobile device, SIKURPhone, at Mobile World Congress in Barcelona.

Ahead of this new product launch, Sikur ran a HackerOne challenge with highly skilled hackers focused on everything from hardware to software to physical phone theft. We chatted with Sikur COO Alexandre Vasconcelos, who was in charge of the program, to learn more about how hackers serve as an essential component of Sikur’s overall security strategy.

Why did you choose to run a hacker-powered security test versus a standard penetration test?

When crafting such a device with a specific purpose, our goal is to keep user information safe from any prying eyes, so when submitting the SIKURPhone to researchers we expected that they would test things that we had missed.

A standard penetration test may depend on the unique ability of the tester who – by the way – can be an exceptional tester, but it will not cover all the product's technical aspects. On the flip side, a hacker-powered test is far more extensive, due to its nature of having more testers with different backgrounds, which contributes to the hacking process. By this approach, the program is more effective and proved that our device has accomplished its purpose, keeping user information (stored locally, in the cloud or in transit) secure from any third party.

You focused on three test plan areas: accessing a “stolen” phone, breaking a purchased phone, and intercepting data. Why these three areas?

That’s because we think that those are the most common situations where hacking occurs. When a malicious person gains access to your device, chances are that a local exploitable flaw may be found. Having researchers help to prove that was crucial to our product.

The proposed “stolen” phone scenarios were important to set real-world situations that any user could face. Our goal was to prove that users would benefit from SIKURPhone security, keeping their information safe even in the worst situations, like a device theft.

There were no limitations during the testing phase; hackers were allowed – and encouraged – to search for hardware and software vulnerabilities.

Did they find any vulnerabilities that surprised you (no need to name the vulnerability, just explain the process or why it was surprising)?

In fact, we were surprised by the way that hackers worked to find the issues; the approach was very interesting and effective.

Talk to us about the hardware component of your challenge and how it's different from software-based security.

Hardware is far more difficult, because it has some very particular components that work together with software. Also, when it comes to hardware, when a vulnerability is found, deeper testing is needed to guarantee that the fix will not affect other components.

We do have some engineers with hardware expertise, and it is a very particular profile, as they also need to have software skills to help implement the solution as a hacker would, thus setting the security bar higher. HackerOne helped us a lot to find the right hacker profile for our challenge; they did a very good job.

How did HackerOne’s managed services (triage) help you and your team during the Challenge?

The triaging service is crucial to both sides, so that the hacker can have a better understanding of how the customer’s product works, and on the flip side the customer may have a clearer understanding of the hacker's approach to a given situation. Some things that may seem to be an issue are made by design, and some can be classified as bugs. The triage service gave us room to work on those situations.

How did the hacker-powered penetration test via HackerOne Challenge compare with your past penetration tests?

We did have some tests before, but as technology and hacking techniques evolve, there is always something to learn and improve. We always learn something new. In this challenge we gained a lot of knowledge that will help to improve our skills.


SikurPhone packs built-in ‘hack-proof’ cryptocurrency wallet.

By: Katie Collins

If you’ve recently amassed a cryptocurrency fortune and need a secure phone to manage it, look no further than the SikurPhone.

Are you paranoid about security and sitting on a cryptocurrency fortune?

Brazilian company Sikur unveiled a phone with a built-in cryptocurrency wallet at Mobile World Congress in Barcelona on Tuesday that might be just right for you.

The SikurPhone is the successor to Sikur’s GranitePhone, which it launched two years ago at the show. It offers the same supposedly “impenetrable security”, but with an updated interface and the ability to seamlessly store cryptos on Sikur’s secure cloud.

“Securely storing information on our devices is one of our strong points,” said Sikur SEO Cristiano Iop in a statement. “We succeeded with browser and messaging security. Then we asked, why not do it with cryptocurrency?”

Sikur claims its fully encrypted phone is “hack proof”, which feels like it’s just asking all hackers out there to prove it wrong.

To save them the trouble, Sikur challenged bug bounty company HackerOne to test the phone’s impenetrability over a two-month period. After putting the SikurPhone through rigorous testing, HackerOne told Sikur it hadn’t succeeded in cracking the device’s security.


Company launches its own smartphone for storing cryptocurrency

By: Reuters

SÃO PAULO (Reuters) – Security company Sikur on Monday unveiled a mobile phone dedicated to storing cryptocurrencies, amid growing investor demand for protection against cybercrime in the volatile virtual currency market of about 450 billion dollars.

The product, the Sikurphone, was launched at a telecommunications trade fair in Barcelona with a price of 799 dollars during the pre-sale phase, the company said in a statement.

Sikur develops encryption systems that can be installed on Apple's iOS or Google's Android devices, as well as on tablets and PCs.

Three years ago, the company had already launched an encrypted mobile phone, the Granitephone, which handles video, voice, messaging, chat and document-sharing communications, using the Android operating system.