The participants at the DevCon conference in Tel Aviv didn’t see it coming. They thought they were there to hear a lecture by Yair Amit and Adi Sharabani, co-founders of the Israeli startup Skycure, on the topic of mobile security. The setting was altogether ordinary: conference room, screen, projector, PowerPoint.
And then, one by one, members of the audience discovered that their smartphones and tablets were being hacked in real time – in plain sight. Their screens were suddenly swiping without their control; emails were being written without permission; apps opened and photos changed.
Amit and Sharabani were the benign perpetrators and no data was stolen or deleted. Still, the audience learned an unforgettable lesson about just how vulnerable mobile networks can be.
As horrifying as watching your phone go haywire under some hacker’s control can be, the real danger is what lies beyond: the corporate network. And mobile devices are the ideal gateway in.
It once was that employees would be forced to use equipment their company gave them — a BlackBerry or an IBM ThinkPad. But these days, there’s a growing trend dubbed BYOD, “Bring Your Own Device,” where employees are increasingly unwilling to part with their personal mobile devices and their bosses are begrudgingly acceding, hooking them up to the company’s network.
And that’s where trouble begins. Because you know what else is trying to hook up to that network? All manner of viruses, malware and malicious agents. And they’ve found the perfect entry point: your phone. The venue? The innocuous coffee shop.
You see, when you connect your mobile device to the WiFi at the local Starbucks, that network may not be as secure or encrypted as the one in the office or even your password-protected system at home. A hacker sitting just a table away could be hopping onto your device as you check your email or browse for last night’s sports scores – just like the Skycure duo demonstrated at DevCon. Then, when you plug back in at the office, it’s off to the races.
“Everyone knows that hackers can alter your data and steal your personality,” explains CTO Amit. “But what’s less known is that this is a great way to penetrate the corporate network as well.”
The answer, according to Amit, is the creation of a “mobile firewall” that does for phones and tablets what long-established firewalls have done for years to protect corporations’ computer assets.
“Firewall” is an imprecise term, Amit insists. A “hybrid security” system might be more accurate, in that there are components on both the phone and on the company’s network to block intruders.
Israel has a well-known reputation around the world as a leader in the computer security space. Israeli powerhouse Check Point is still the reigning king of the security titans and was one of Israel’s first international software startup successes. All that helps when Skycure knocks on corporate doors.
“Yes, it’s challenging to enter big markets like the US and Europe,” Amit admits. “But in the field of security, there is recognition that Israel’s technology expertise is valuable.”
Skycure is financially well positioned to press its case: The company recently raised $3 million from the Israeli VC Pitango. Skycure currently has six employees and is growing to 10 with the new financing. Amit and his partner Sharabani had self-funded the company to start, in part from their successful exits from Watchfire, another security startup, which was bought by IBM in 2007. The first Skycure firewall product will be released later this year.
Under the radar
If you’re thinking at this point, “I want one of those,” you’re slightly out of luck. Skycure will be selling its technology to enterprises only. The company is talking with potential clients now, mostly in the financial services area. Pricing might be a one-time fee or a monthly license.
Amit, 29, has been interested in security for as long as he can remember. “I’ll look at a line into an entrance to somewhere,” he says, “and I’ll analyze the process, to see how I can sneak in.” He pauses. “I don’t actually do such things – it’s just the way my mind works!” he emphasizes.
While Skycure has so far mostly flown under the radar, it did receive quite a bit of media attention earlier in 2012 when its founders “exposed” a practice at LinkedIn that was putting users’ data at risk. LinkedIn, it seems, was uploading its members’ calendar data from their mobile phones to LinkedIn’s servers in order to share meeting information and synchronize schedules.
The problem was that LinkedIn was doing it without asking for its millions of mobile app users’ permission. The story shot across the blogosphere. “We worked with LinkedIn to improve the way their app behaved,” Amit says. Today, users have full control over what gets shared.
While LinkedIn’s security mishap was more misunderstanding than malicious, it’s all part of the Skycure mission: Keeping the mobile world hacker free and safe for corporate employees to BYOD.