WhisperCore Mitigates Risks Of Android In Businesses - InformationWeek
Mobile // Mobile Devices
07:14 PM
Connect Directly

WhisperCore Mitigates Risks Of Android In Businesses

TechWebTV catches up with Whisper Systems' CTO and co-founder Moxie Marllinspike to discuss and demo WhisperCore -- a mobile security solution that brings BlackBerry-like centralized enterprise-grade security to Android devices.

Whisper Systems' WhisperCore could be just the right elixir for businesses looking to allow employees to connect their personal Android devices to network resources (eg: email) without risking the safety of corporate digital assets. While at the Black Hat USA 2011 security conference in Las Vegas, BYTE had a chance to videotape an interview with the security startup's CTO and co-founder Moxie Marlinspike. [Disclosure: Black Hat is owned by UBM TechWeb which is also parent to BYTE]. That interview includes a look at some of WhisperCore's features and is embedded below.

Unlike the way Research In Motion has ensured the business-readiness of its BlackBerries with enterprise-grade security, Google has yet to give IT professionals the tools they need to secure Android devices that employees are trying to connect to corporate resources. According to Marlinspike, this is where WhisperCore enters the picture. Much the same way RIM's BlackBerry Enterprise Server allows IT pros to enforce digital security policies on BlackBerries, WhisperCore rounds out Android with a complete suite of centrally administered security options.

As can be seen in the video, WhisperCore includes many of the features that most IT pros would come to expect in a centrally-managed enterprise mobile security solution. For example, WhisperCore administrators can remotely wipe out the data on a device that's no longer authorized for access to corporate resources (like when an employee leaves the company or loses their smartphone).

From a digital security policy point of view, one of biggest shortcomings of Android is its inability to encrypt any data it houses -- either in the device's on-board memory or on any removable memory cards (eg: a MicroSD card). Through WhisperCore, network administrators can require that the data stored on one or both be encrypted. In cases where WhisperCore-encrypted memory cards must be opened on the PCs they're "transferred" to, WhisperCore also includes PC-based utilities for decrypting and opening the files found on those cards.

Like other mobile security solutions, WhisperCore can be used to remotely enable or disable any application on an Android device. This feature could be used to prevent end-users from using applications that represent a potential digital security risk to the device or the network resources it connects to. The solution includes three related features; the ability to centrally provision and de-provision software to and from Android devices, a software-based firewall that can restrict any application's communications capabilities, and a code-signing feature that can double-check an application's digital signature before allowing it to run.

Businesses concerned about the backup and recovery of mobile data might take solace in WhisperCore's FlashBack; a cloud-based backup and restore utility. Through central policy administration, Android devices can be automatically backed-up to (and restored from) WhisperCore's Amazon S3-driven cloud. Businesses not wanting to use WhisperCore's cloud can substitute their own storage infrastructure for keeping files backed-up. Data that's sent to and from a "backup cloud" can be encrypted to ensure its safety from sniffers and the like. FlashBack allows data to be restored to a device other than the one that it was backed-up from. This would come in handy when a device needs to be replaced; either due to damage or loss.

In the video, Marlinspike shows BYTE the lengths to which WhisperCore has gone to defeat the possibility of a smudge attack. This is where overuse of the same "password pattern" leaves an oily finger trail on the surface of an Android-device -- a finger-trail that's easily reproduced in unauthorized attempts to unlock the device. As can be seen in the video, WhisperCore has several features that force the obfuscation of any existing finger trails.

Though Marlinspike wouldn't be specific about the cost of WhisperCore to businesses (he said "call for pricing"), he said that any user can download and use the personal (non-centrally administered version) for free from Whisper Systems' Web site. Here's the video:

David Berlind is the chief content officer of UBM TechWeb and a contributing editor to BYTE. You can follow him on Twitter at @dberlind or contact him at dberlind@techweb.com.

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll