We started Privoro in 2013 not merely as a company, but as a philosophy: that security and privacy need not be casualties of our hyper-connected, sensor-driven, mobile-first world. That we should be able to trust and control our electronic devices. That our information is ours alone, and we should be able to control how it is accessed and shared.
Fast-forward five years. Smartphones are not only front and center in our digital lives, but the focus of an intense battle for our information – from cybercriminals seeking our most important details to advertisers looking to target us based on our digital footprints. We have limited options for keeping attackers out or pushing back on privacy policies to prevent “legitimate” data collection (really, delete all of our apps?). And our voices are increasingly being used to interface to powerful microphones, making our sensitive, confidential or simply private conversations yet another source of data to be stolen or collected. Welcome to life in the age of unwarranted data capture.
It’s clear that this battle will not be won with conventional solutions. Or by making compromises. Or even by working within existing systems. Smartphones are banned for good reason in many locations that deal with sensitive information; ultimately, if you can't trust the underlying device, you can’t use it as the basis for your protection.
No, to reclaim privacy and take back control over our digital lives, we need to fundamentally rethink mobile security. And with SafeCase, our second-generation product, we believe that’s what we’ve done.
Data is the oil of the 21st century (and smartphones are the pumps)
Imagine, if you will, the perfect surveillance device. It always accompanies its target. It constantly collects data. It provides access to the target’s files and online services. And it has built-in cameras and microphones for watching and eavesdropping.
(Hint: It’s a smartphone.)
- Data leakage: Smartphones are packed with sensors that collect an endless flow of data points – movements, behaviors, user actions and more. Taken as a whole, these data points can be siphoned by third parties – like advertising model-based businesses, data brokers or intelligence agencies – and aggregated into user profiles, which are then used to target or score us in ways we may not understand.
- Data theft: Smartphones suffer from inherent vulnerabilities as a result of their fragmented ecosystems and architectural limitations. Exploiting these weaknesses allows hackers, cyber-mercenaries and other bad actors to take total control of our devices (and our information). And beyond the many common malicious tools and techniques that have long been in use, emerging chip-based exploits – including Meltdown and Spectre – and novel supply chain attacks promise to make matters even worse.
- Live surveillance: The latest forms of spyware – such as Pegasus and ViperRAT – are capable of not only stealing data but of hijacking a smartphone’s built-in cameras and microphones. Threat actors using these tools can perform live surveillance of the conversations and visuals in the vicinity of the device, or capture imagery and audio for exfiltration back to a central server.
A long journey
So, in light of these challenges, how do we leverage smartphones without losing control of such sensitive information?
That’s the question we asked at the beginning of our journey at Privoro. We knew that in order to actualize our philosophy in the face of tremendous assaults against our privacy and digital safety, we would have to rethink mobile security from the ground up.
- We needed to decouple mobile security from the vulnerable ecosystem. Current mobile security solutions, most of which are based in software, rely on the vulnerable mobile ecosystem to maintain their safeguards. So we developed an entirely new kind of secure, external mobile hardware with its own processing, communications and integrated cloud infrastructure.
- We needed to protect against compromised smartphone sensors. There’s currently no way to tell if smartphone cameras and microphones have been hijacked. So we developed continuous, physical protections – including proprietary audio masking – that work independently of the smartphone.
- We needed to address every known avenue of attack. So we tackled them one-by-one, creating a high-security platform with an independent hardware root of trust, a secure hardware architecture, cryptographic communication and a secure supply chain and provisioning process.
- And we wanted to be able to adapt to an organization’s needs. So we built a flexible hardware and cloud architecture that can accommodate future services and hardware innovations.
I’m beyond proud to share the culmination of our years-long development process: the SafeCase for iPhone. Yes, it’s a smartphone case, but it’s so much more than that. It’s a high-security source of trust. A counter-surveillance device. A modular platform for incorporating hardware innovations.
But most of all, the SafeCase is a viable alternative for organizations and individuals looking to take back control over their most important information. Today, that may be a sensitive conversation taking place in the presence of a compromised or overreaching smartphone. But the possibilities for hardware-based mobile protections are vast.
As you can guess, it was not easy to build an entirely new product category. The development of SafeCase required an orchestration of hardware, firmware, software and cloud, each engineered to exacting standards. But our philosophy demanded nothing less.
Exciting times are ahead as we look to provide a new form and standard of mobile security and we continue the journey we started in 2013. We hope that you will join us in our quest to reclaim privacy and control.