Encrypting your communications guarantees anyone who intercepts them will not be able to read your messages. But what about the data that stays on your device? Chat histories, contacts, stored files, etc. – all possibly sensitive information. This is where device encryption and remote wipe come in to protect your stored data.
Why do you need device encryption?
The reality of contemporary mobile communications is that data is rather easily accessible. You may think that a chat session between you and a contact is private, but in reality, it goes through a number of servers and parties that have access to your messages (your internet service provider, the company that provides the chat service, etc.). That this data is out there is a given. What you can do to regain privacy is encrypt it. This way, only you and the intended recipient can read the message. To everyone else, who doesn't have a key, the text would look like nonsense.
It is the same for the data on the device itself. Imagine that someone steals or takes away your phone. If it is locked with just a PIN or a pattern, the attacker could easily unlock the device (more on that here) and gain access to everything on it – apps, libraries, stored files, contacts. But they might not even have to bother with brute-forcing the lock. They could dismantle the phone, extract the hard drive, mount it on a different device and access the data there. However, if they try to do that with an encrypted device, the data will be of no use to them.
To paraphrase: device encryption provides another layer of security. There are two approaches to it:
- File-based encryption (FBE), which encrypts files individually with different keys for each.
- Full disk encryption (FDE), which encrypts entire disk sectors, regardless of what files are stored on them.
The two have different advantages which make them suitable for different purposes. FDE, which is what our secure communications device Secure Phone opts for, encrypts all the data – including the bits that apps need to run properly. This renders the device useless to anyone without a key.
How device encryption works on Secure Phone
Device encryption is an integral part of Secure Phone. The process starts as soon as the user turns on the device for the first time. After setting up a subscription for the service and choosing a PIN or password (preferably the latter) for the lock screen, they are prompted to choose the key with which the device is then encrypted. The user cannot skip this step. Therefore, Secure Phone cannot function at all without full storage encryption.
The above-mentioned encryption key is a PIN or password (you should know which is better by now), different from the one used to lock the screen. This key is not stored anywhere on the device (so the user has to remember it) and is used to decrypt the device after each reboot. Once decrypted, the device can be used until it is shut down, at which point it is fully encrypted again.
To put it in different words: even if the phone is off, the data is 100% encrypted and would be of no use to anyone who steals the device and extracts the data by mounting its drive on another device.
Remote wipe is the second line of defense for your data
OK, but what if someone steals your device while it's on? In this case, you have the lock screen first. But, as we already mentioned, it is not impossible to break (although Secure Phone could use a password which is much stronger than a PIN).
This is where remote wipe comes in. There are several ways to permanently erase all data on a Secure Phone that you have no access to:
- The user can initiate a wipe via Secure Email and Secure Chat. Both apps come preinstalled on Secure Phone and allow you to determine a “wipe password.” Then, if a message containing that phrase is sent to a Secure Phone, the device is wiped.
- The phone can also be wiped through the Secure Administration System (SAS) and Secure Manager. In both platforms, administrators can select an account at the user’s request and wipe their phone immediately.
- The device can perform a self-initiated wipe. This is the most beautiful part. While the two methods above rely on the device being connected to a network for the wipe request to come in, there are ways to block that. For example, the attackers could place the device in a special bag that blocks outside signals. However, Secure Phone is designed to sync with SAS at regular intervals. Failing to do so is an indicator it might be stolen and sealed off. After a predetermined number of failed syncs, the phone automatically wipes itself.
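The self-initiated wipe described in the last item can be modelled as a counter of consecutive failed syncs. The sketch below is an added example, not Secure Phone's own code: the class and function names, the threshold of 3, the JSON state file, and the choices to persist the counter across reboots and to fail closed on unreadable state are all assumptions made for illustration.

```python
import json
import os
import tempfile

class SelfWipePolicy:
    """Wipe after N consecutive failed syncs; the counter survives reboots."""

    def __init__(self, state_path, max_failed_syncs):
        self.state_path = state_path
        self.max_failed = max_failed_syncs
        self.failed = self._load()

    def _load(self):
        if not os.path.exists(self.state_path):
            return 0                      # fresh device, no failures yet
        try:
            with open(self.state_path) as f:
                return int(json.load(f)["failed"])
        except (OSError, ValueError, KeyError, TypeError):
            return self.max_failed        # unreadable state: fail closed

    def _save(self):
        # Write-then-rename so a power cut cannot leave a half-written counter.
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"failed": self.failed}, f)
        os.replace(tmp, self.state_path)

    def record_sync(self, succeeded):
        """Record one scheduled sync attempt; return True if the wipe must run."""
        self.failed = 0 if succeeded else self.failed + 1
        self._save()
        return self.failed >= self.max_failed

def simulate(sync_results, max_failed_syncs=3, reboot_after=None):
    """Return the index of the attempt that triggers the wipe, or None."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sync_state.json")   # constructed sample path
        policy = SelfWipePolicy(path, max_failed_syncs)
        for i, ok in enumerate(sync_results):
            if policy.record_sync(ok):
                return i
            if i == reboot_after:         # reboot: rebuild from persisted state
                policy = SelfWipePolicy(path, max_failed_syncs)
    return None
```

With these assumptions, a device that keeps missing syncs reaches the threshold even if it is rebooted in between, while a phone that is merely out of coverage for a while resets its counter on the next successful sync.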
It is the combination of storage encryption and remote wipe options that protects information stored on Secure Phone. Users can rest assured there is no way anyone but them will be able to read the information stored on their device.