Paranoid Android Kaymera smartmobe takes on Blackphone
Super-secure Israeli platform only lacks Mossad bodyguard
MWC2015 Security specialist Kaymera – based in Herzliya, Israel – has launched a mobile security platform aimed at paranoid corporations.
The Kaymera 360° software consists of a secure build of Android and accompanying MDM functions. The company describes it as a three-layer approach of protection, prevention and detection.
Using a Samsung Galaxy S5 or Nexus 5, Kaymera reflashes the phone with its own version of Android. There are also plans to support the LG G3 and the company's COO, Oded Zehavi, told us that the plan is to support four to six high-end phones per year.
“One part of our secret sauce is that we provide military-grade security, while providing an experience as simple as any commercial device,” he told us.
Kaymera has chosen the approach of using branded phones rather than commissioning a device because its customers' senior staff often want a brand they recognise and which offer better support mechanisms. It’s much easier for a company to get a broken screen on a Galaxy S5 repaired locally than to have it sent back to the manufacturer.
Phones can be flashed by Kaymera and then sent out, or flashed by the company on-premises at secure facilities – which is what they do with government customers – or the build can be downloaded and installed by a corporate IT department.
The custom version of Android gives the secure device encrypted storage, prevention against physical extraction of data and a link to the MDM, which then gives the enterprise an overview of what’s going on and the option of remote wiping and locking.
Usage policies can be managed at the corporate, group and device level.
The voice encryption means you can only talk securely to other Kaymera users. There is a scheme under which corporate users can dial into a secure portal, which then carries an unencrypted voice call, but there is no way for other users to download an app and receive a voice call.
The solution is very much targeted at corporates, who will buy large quantities of handsets for staff to allow them to work securely with each other, rather than individual users or customers who might want to talk to
defendants clients securely.
It's an expensive service. Zehavi said pricing was very much on a case-by-case basis, but was of the order of a few hundred dollars per month, per device.
Voice calls work via 3G and require 5-10 KBs as minimal bandwidth for the secure VoIP session, but the software uses a very adaptive CODEC that can work in low-bandwidth environments and has been tested in extreme situations. As part of the solution, the system will check the network bandwidth every time you trigger a call and will notify the user if a secure call can be initiated, or will fall back to an unsecure mode over GSM. There is also integrated encrypted messaging: immediate messaging, secure attachment-sharing and time-limited, self-destructing messages. Unlike Blackphone, the VPN is always on.
The security uses a PKI cryptosystem stored in a hardware-protected keystore. The robust encryption framework leverages 2048-bit RSA and a cryptosystem with AES 256-bit symmetric session keys.
If all else fails and the phone user is physically attacked, he or she can type in a distress PIN which will lock the phone and summon help. Unfortunately, Kaymera does not offer the option of having an IDF SWAT team helicoptered to the GPS location, which is a shame, as it’s just what attendees of Mobile World Congress will want for use against Barcelona street thieves. ®
Sponsored: 2016 Cyberthreat defense report