There are some things one can do to make a smartphone more secure: Communicate via Silent Circle or Skype to protect against interception, for example, or never click on an unknown website, or use two-factor authentication.
But the most serious threat to the security of a modern-day smartphone, whether one is traveling in China or just through Las Vegas, is a hacker taking control of a phone. Hackers can exploit a phone manually if they get ahold of it, or they can do it remotely over a network. Once they’re in, all security becomes moot. They can listen in on calls, pull passwords, run the camera and steal contacts. All undetected.
The central problem is easily stated: How can you know if your phone is hacked, short of sending it back to the manufacturer?
Kaprica Security, a Reston, Va., firm, says it’s developed an answer, at least for Android phones: a scanner that can tell if a phone’s operating system has been altered. And to make it as easy as possible to insert this security step into your daily routine, the scanner is built into a phone charger.
Doug Britton, the company’s CEO and founder, says the typical trouble with unmasking smartphone malware is that any decent hacker has dressed up his code to look legitimate. As Britton puts it, hackers “know what the question is, and they know what the answer is. Because the good guys and the bad guys share a processor, you can’t guarantee that the bad guy is not lying to you and saying, ‘This phone is clean, is valid.’”
Kaprica, founded in 2011, received $328,000 in seed capital from the Defense Advanced Research Projects Agency, records indicate.
Britton, a former Lockheed Martin employee, says the idea behind Kaprica’s device is fairly simple. “We inspect the operating system while it’s at rest, during a reboot of the phone. The reboot does two things. It puts the operating system to sleep so we can inspect it without it being able to lie to us, and it clears out anything that might have been a memory-resident exploit.”
The point of focusing on the operating system is that it’s the key to a successful hack, Britton says. To have impact and stay on the phone, he argues, the attacker’s payload “must exist as a modification of the existing operating system.”
The Kaprica charger, manufactured by Belkin, basically incorporates a small computer that communicates with the Kaprica server. If it finds no modification to the operating system, a green light comes on to give the all clear. If it finds a problem, there’s a red light.
“If we see the operating system has been modified,” Britton says, “we can remove the payload, alert you, fix the modified kernel, whatever it is.”