No, they don’t. Backdoors are intentional flaws in security systems and encryption services that serve as a way for their creators to bypass the security. The products we offer have no such backdoors. We do not need elevated access to your messages or device to perform maintenance. We provide a service intended to secure people’s privacy. Leaving loopholes in our products so that we could gain access to them would be at odds with that idea.
There are several layers of security protecting your messages. The first one is the strength of the encryption. The encrypted chat, group chat, voice and video calls use state-of-the-art cryptographic protocols such as PGP, OTR, OMEMO, and ZRTP to encrypt all communication channels. Our implementations of these protocols use best-of-breed technologies such as AES-256, SHA-256, 4096-bit RSA, and 4096-bit Diffie-Hellman. All apps also use end-to-end encryption. This means that every message you send gets encrypted on your device, remains encrypted (and undecipherable to third parties) all along the way to the recipient’s device, and gets decrypted only once it arrives there. No one can decipher the content of your communications, even if they somehow succeed in intercepting them. Lastly, we do not keep anything on our servers. They are used just to facilitate communication between users. Every message that passes through the servers gets instantly deleted the moment it gets sent to the end recipient. In Encrypted Chat, messages get sent only when the two communicating parties are online. This means that no message ever lies dormant on our servers, waiting to be sent.
You can assign countdown timers to your messages sent with the Encrypted Chat app. The first function is called Time to Live (TTL), which starts the countdown the moment the message is sent. Regardless of whether the recipient opens and reads the message when they receive it or not, it gets deleted on both devices when the timer runs out. The other function is called For Your Eyes Only (FYEO). In it, the timer starts when the recipient opens the message. Once it runs out, the message also gets deleted on both the sender’s and the recipient’s devices.
Our gateway servers have multilayered protection. We use logical isolation, firewall filters, ACLs, and DDoS mitigation protection in excess of 1 terabyte of bandwidth. Moreover, we run our own BGP network for extra control and absolute security. Communication between our servers travels via a VPN tunnel, and no unencrypted traffic ever leaves our infrastructure.
The short answer is “none.” T2 COMMUNICATOR comes together with a multi-IMSI SIM card, which we provide with the device. The SIM card comes with an unlimited data plan which offers coverage in over 120 countries worldwide.
First, the multi-IMSI SIM comes with an unlimited data plan with full global coverage. Because T2 COMMUNICATOR uses only its encrypted chat and email apps for communications, this is all you really need. (You can also use Wi-Fi, if you prefer – although it is recommended to do it only over trusted networks.) Second, because the SIM has up to 16 IMSI numbers (mobile identities), it can switch between different carriers. This way you are always connected to the network with the best coverage at your current location and always get the best available signal and reception.
If you have any further questions about our penetration testing service that are not answered below, please feel free to call us on +353 211 8666 or book a meeting with one of our cyber security experts.
Penetration testing, also known as white hat or ethical hacking, is where someone takes on a hacker’s role and attempts to compromise or gain unauthorised access to a network or an application. A qualified professional will use automated tools and manual processes to uncover any vulnerabilities and misconfigurations that present a cyber-security risk. A penetration test will give companies an overview of their security posture, highlighting flaws and allowing them to be patched before malicious hackers target them. Penetration tests are a vital part of an effective security strategy and are a mandatory component of many compliance schemes.
There are several types of penetration testing, each of which can be classified as black, white or grey box testing. It’s also worth noting that there is a difference between an application test and an infrastructure test. As the name suggests, an application test is where a tester looks for flaws within an application to see if there’s any way to get at data or manipulate functionality in a way that wasn’t intended. This can involve cookie theft, XSS, man-in-the-middle attacks, etc. Infrastructure tests, on the other hand, are where the tester attempts to gain entrance to a corporate network.
Black box testing
Black box testing is the closest simulation of real-world hacking in that the tester will know very little, if anything, about the target other than what is publicly available. These are often the least time-consuming tests as they rely solely on the tester discovering vulnerabilities in outwardly facing components. However, whilst these tests accurately represent real-life situations, they will not pick up any vulnerabilities or misconfigurations present internally. Therefore, they cannot predict what damage an internal threat may cause.
White box testing
White box testing offers the most thorough security test. The tester has a full understanding of the application or infrastructure and how it works, as well as access at various levels. They will likely even have access to the source code or a fully detailed map of the internal infrastructure. The tester will probe for vulnerabilities and misconfigurations to gain access from an external position and look to see what damage can be done from an internal perspective.
Grey box testing
Grey box testing is a blend of black and white box testing and is often the most popular test type. The tester will have limited knowledge of the target, potentially including some documentation. They will often have basic user-level access, allowing for partial testing of the target’s internals.
The terms penetration test and vulnerability assessment are often wrongly used interchangeably. A vulnerability assessment uses an automated tool to scan a network or application for known vulnerabilities. A penetration test is more involved and encompasses many aspects, providing you with a more comprehensive overview of your overall security.
A vulnerability scan may well be used in the initial stages of a penetration test to identify any easily exploited flaws to work with. The tester will then go a step further, using brute-forcing, code injections, social engineering and other methods to exploit the vulnerability to gain access.
All penetration test projects will start with accurate scoping. Once the boundaries have been agreed upon and a goal decided upon, testers will begin some reconnaissance. This is the starting point for any hacker and the beginning of the cyber kill chain. This may include looking for any related URLs or domains that could be considered in scope and increase the attack area, or conducting some vulnerability scans on their target. If social engineering is included in the test, recon activity may include searching publicly available sources for staff contact details, staff pass designs or email address formats.
The testers will then attempt to exploit any weakness found to gain unauthorised access. This often involves a trial-and-error approach. If successful, the tester will find out the extent of a hacker’s potential reach, compile some evidence and then provide a detailed report along with remediation advice.
Tests will often follow these steps:
It’s recommended that businesses perform penetration tests at least annually or whenever a significant change is made to the environment. Certain compliance packages, such as PCI DSS, make regular penetration tests mandatory. If you want good cyber security, you need a penetration test.
The content of a report will always depend on who has written the report. Woohoo Secure reports always contain a high-level business executive summary before drilling into an in-depth breakdown of each vulnerability, weakness or misconfiguration discovered, along with the mitigation and remediation advice. We will provide this in order of severity and priority.
Penetration testing should be conducted at least once per year.
We would also recommend conducting a penetration test any time you make significant changes to your infrastructure or network, such as when you make an upgrade to software or move to a new office. Our team can advise the best solution for your organisation.