The Top 5 Cellphone Risks We Guard Against As We Mark ChatMail’s 5th Year

ChatMail   |   August 15, 2022

The Top 5 Mobile Threats ChatMail Protects You Against

A lot has changed in the last five years since we launched ChatMail™. This past year, we have added Encrypted Calling and many useful features. We are excited about the months ahead as we prepare to launch a custom operating system to enhance ChatMail’s security.

Celebrating our success with those of you who have chosen to promote and/or make ChatMail your encrypted mobile solution is essential to us. Every decision we make is with our client’s privacy and safety in mind.

We felt the best way to celebrate ChatMail’s 5th birthday was to illustrate how we achieved our successful milestone by protecting our customers where they needed it most.

# 1 – WFH and BYOD

Working From Home became a phenomenon virtually overnight at the start of the COVID19 pandemic, thrusting the business world into a situation it was largely unprepared for. A survey of 1,500 hiring managers shows 62% of companies plan to continue to WFH. Many others are taking a hybrid approach with fewer days in the office and a continued remote work component.

According to the 2022 BlackBerry Threat Report, cyberattacks increased by 400% primarily because people worked from home for a company with a Bring Your Own Device program. “Insecure apps threaten organizations with BYOD policies, and those supporting mobile or remote workers. The danger arises from employees increasingly using unmanaged personal devices to perform professional tasks.”

In addition to being very difficult for companies to manage with varying types of devices and operating systems, for employees, “It’s an invasion of privacy and could expose your personal data.” 83% of companies have a BYOD policy of some kind. The risk BYOD brings to businesses outweighs any benefits.

Companies that use ChatMail for their corporate encrypted mobile solution enjoy the security afforded by our proprietary MDM policy. ChatMail cannot be used with third-party apps and prevents internet browsing, two of the biggest risk factors for introducing data vulnerabilities.

ChatMail prevents Man-in-the-Middle attacks by verifying all incoming messages and calls. Owning and operating a private data center ensures 99.9% up time and provides peace of mind without the concern of interception externally hosted servers pose.

# 2 – Cloud Attacks

The main issue with cloud storage is the lack of encryption for data at rest in most servers, and the fact that data is even stored at all. With ChatMail, your data is simply being relayed by our custom servers, nothing is stored, and we don’t keep a roster of clients’ contacts. A roster is a list of contacts associated with clients for apps that retain messages on their server.

Anything stored on a cloud server is susceptible to being viewed if decrypted or infiltrated by hackers, who can then use it to launch further cyberattacks. With ChatMail, the sender has control over whether they want their data to be shareable or saved.

As ChatMail is supported by the private Myntex data center, our clients don’t have to worry about who has access to a third-party hosted cloud. Myntex CEO, Geoff Green, explains the benefit of hosting a proprietary data center is having physical control over access. “If you are hosted in a third-party data center, you don’t control anything. They control it and give you access …”

Cloud storage is often targeted with ransomware. ITPro notes, “In what’s known as cloud ransomware, or RansomCloud, adversaries are seeking ways to attack cloud applications and stored data, as well as cloud-based companies.”

For more on ransomware, and how ChatMail protects you, see risk # 5 at the end of this blog.

# 3 – Phishing Scams

A report from IBM shows that phishing was the most popular attack vector in 2021, resulting in one in five employees falling victim to phishing hacking techniques.

Phishing remained the dominant factor in data breaches over the first quarter of 2022, with HTML files being the most common type of attachments used for phishing purposes. In these types of attacks malicious actors use social engineering to coerce victims into providing access to accounts.

Voice phishing, or vishing, is on the rise. WhatsApp has been targeted for this type of attack. There were more than 50 million victims of vishing in the US last year alone. CNBC reported Americans were defrauded $30 billion over a twelve month period through these phone schemes, with one in three being caught in scam calls.

With ChatMail, there is no chance of being caught in a phishing scam. Every message is encrypted with its own unique key. ChatMail users can instantly see if messages are secure, using a quick visual check. With three solid diamonds in the message bubble, you have confirmation it meets our stringent protocol: It’s fully encrypted, verified with your private key, and from a trusted sender.

Calling is encrypted with the Zimmermann Real-time Transport Protocol in ChatMail. ZRTP lets you verbally confirm matching shared codes to ensure calls are private and have not been intercepted. You’re protected from eavesdropping on your calls, which could reveal critical information about you or your company.

# 4 – Blockchain/Cryptocurrency Attacks

In August 2022, a widespread attack worth millions in Solana crypto was linked to mobile wallets. This type of breach is only going to increase as more money goes into crypto, with reports of over $2.7 billion spent on NFT minting in the first half of the year.

Hackers and phishers go where the money is and they are creating easily replicated attacks. Recently, CNET Money reported, “In what's being called a "decentralized robbery," a flaw in Nomad's coding allowed people to steal money just by copy-and-pasting a script.”

As noted in a recent ChatMail blog about blockchain, “Web3 refers to a decentralized online ecosystem based on the blockchain.” Some use Web3 to describe anything to do with blockchain and cryptocurrency. They see it as a way to take power back from financial institutions to decentralize the economy.

With the increasing popularity of crypto and NFTs, many phone providers offering encrypted devices are incorporating access to crypto wallets or claim to be built on blockchain. However, your privacy is eroded with Web3 supported technology on a mobile device because every action is connected to the blockchain, which is recorded in a public leger.

ChatMail protects you from blockchain exposure. This means no trading crypto from your device and no need to worry about your communications being recorded on a public ledger. ChatMail’s focus is on secure mobile solutions. We separated internet browsing from ChatMail to remove its’ inherent vulnerabilities so our customer’s phones remain private.

# 5 – Ransomware

The Cybersecurity & Infrastructure Security Agency defines ransomware as a type of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.

According to the X-Force Threat Intelligence Index 2022, “Triple extortion is an increasingly popular tactic of encrypting and stealing data, while also threatening to expose the data publicly and engage in a distributed denial of service (DDoS) attack against the affected organization unless a ransom is paid.”

There are typically five stages in a ransomware attack:

  • Stage 1: Initial Access – typically a phishing attack
  • Stage 2: Post-Exploitation – may involve a remote access tool (RAT), malware, or trojan virus
  • Stage 3: Understand and Expand – exploiting a directory to harvest credentials is common
  • Stage 4: Data Collection and Exfiltration – focus on finding and extracting valuable data
  • Stage 5: Ransomware Deployment – targeting a domain controller to distribute the ransomware

The number one way to prevent Ransomware is to limit access to your data and prevent phishing threats. Replacing standard smartphones with a hardened device like ChatMail is an excellent first line of defence.

Since ChatMail doesn’t allow third-party apps, there is no chance of downloading a malicious app masquerading as a legitimate one. Without access to internet browsers on ChatMail, there is no risk of malware pop-ups, or other exposure from spoofing of visiting fake sites or inadvertently clicking on unsafe links. ChatMail also does not allow USB connectivity, therefore this vector of attack is removed from your risk.

Since all messages are encrypted with ChatMail’s CAMP protocol, you will be able to have confidence in knowing you are communicating with verified contacts. To safeguard against receiving files with malicious imbedded. The only attachments you can view within ChatMail are encrypted photographs or notes, so you are protected in this regard as well.

Once again, thank you for being a part of our journey as we celebrate the 5th birthday of ChatMail.

ChatMail. Engineered for Security. Designed for Privacy.