07:14 PM

WhisperCore Mitigates Risks Of Android In Businesses

TechWebTV catches up with Whisper Systems' CTO and co-founder Moxie Marlinspike to discuss and demo WhisperCore -- a mobile security solution that brings BlackBerry-like centralized enterprise-grade security to Android devices.

Whisper Systems' WhisperCore could be just the right elixir for businesses looking to allow employees to connect their personal Android devices to network resources (e.g., email) without risking the safety of corporate digital assets. While at the Black Hat USA 2011 security conference in Las Vegas, BYTE had a chance to videotape an interview with the security startup's CTO and co-founder Moxie Marlinspike. [Disclosure: Black Hat is owned by UBM TechWeb, which is also parent to BYTE.] That interview includes a look at some of WhisperCore's features and is embedded below.

Unlike the way Research In Motion has ensured the business-readiness of its BlackBerries with enterprise-grade security, Google has yet to give IT professionals the tools they need to secure Android devices that employees are trying to connect to corporate resources. According to Marlinspike, this is where WhisperCore enters the picture. Much the same way RIM's BlackBerry Enterprise Server allows IT pros to enforce digital security policies on BlackBerries, WhisperCore rounds out Android with a complete suite of centrally administered security options.

As can be seen in the video, WhisperCore includes many of the features that most IT pros would come to expect in a centrally managed enterprise mobile security solution. For example, WhisperCore administrators can remotely wipe the data on a device that's no longer authorized for access to corporate resources (like when an employee leaves the company or loses their smartphone).

From a digital security policy point of view, one of the biggest shortcomings of Android is its inability to encrypt any data it houses -- either in the device's on-board memory or on any removable memory cards (e.g., a MicroSD card). Through WhisperCore, network administrators can require that the data stored on one or both be encrypted. In cases where WhisperCore-encrypted memory cards must be opened on the PCs they're "transferred" to, WhisperCore also includes PC-based utilities for decrypting and opening the files found on those cards.

Like other mobile security solutions, WhisperCore can be used to remotely enable or disable any application on an Android device. This feature could be used to prevent end-users from using applications that represent a potential digital security risk to the device or the network resources it connects to. The solution includes three related features: the ability to centrally provision and de-provision software to and from Android devices, a software-based firewall that can restrict any application's communications capabilities, and a code-signing feature that can double-check an application's digital signature before allowing it to run.

Businesses concerned about the backup and recovery of mobile data might take solace in WhisperCore's FlashBack, a cloud-based backup and restore utility. Through central policy administration, Android devices can be automatically backed up to (and restored from) WhisperCore's Amazon S3-driven cloud. Businesses not wanting to use WhisperCore's cloud can substitute their own storage infrastructure for keeping files backed up. Data that's sent to and from a "backup cloud" can be encrypted to ensure its safety from sniffers and the like. FlashBack allows data to be restored to a device other than the one that it was backed up from. This would come in handy when a device needs to be replaced, either due to damage or loss.

In the video, Marlinspike shows BYTE the lengths to which WhisperCore has gone to defeat the possibility of a smudge attack. This is where overuse of the same "password pattern" leaves an oily finger trail on the surface of an Android device -- a finger trail that's easily reproduced in unauthorized attempts to unlock the device. As can be seen in the video, WhisperCore has several features that force the obfuscation of any existing finger trails.

Though Marlinspike wouldn't be specific about the cost of WhisperCore to businesses (he said "call for pricing"), he said that any user can download and use the personal (non-centrally administered) version for free from Whisper Systems' Web site. Here's the video:

David Berlind is the chief content officer of UBM TechWeb and a contributing editor to BYTE. You can follow him on Twitter at @dberlind or contact him at
