Pen testing conducted by BlackBerry tried and failed to crack the app
At SKY ECC GLOBAL, we created SKY ECC from a belief that secure messaging should be widely available and secure messaging tools should be easy to use. We all have a fundamental right to privacy and should be able to keep our communications private and secure. To get there we need widely available, easy-to-use secure messaging tools. But to have truly secure messaging, we need to have an app built from the ground up with security as its most fundamental feature. We built the app to not even trust the device that it is on, but regardless we went the extra mile by ensuring the devices the app runs on to be just as secure, so you know if the app is secure and the device is secure—your communications are secure.
But all that is just talk without proof. Proof that we built a secure app. Proof that we configured the devices, secure container, and VPN correctly. That proof only comes from giving security experts devices and letting them try to compromise the device, the app, and the encryption. We might be more than a little biased when we say SKY ECC is the most secure mobile messaging app you can get, but now we have proof after extensive penetration testing conducted by BlackBerry in October 2018.
No issues found major, minor, or critical
These two tables from BlackBerry’s report say it all:
Yes, they are blank, this means there were no issues found. In their tests, BlackBerry Cybersecurity tried to compromise the device security to get to the data within the app. They tried to decrypt the messages intercepted by a packet sniffer. They tried brute force attacks to see if they could get around the layers of passwords and security in the app. For the pen tests, we gave BlackBerry two devices (a Google Pixel 2 and a BlackBerry KEYone) they had full and unrestricted access to and they completed their tests over two weeks. You can download the summary of the findings— SKY ECC Pen Test Summary —and read the results and methodology yourself. But the bigger question you might be asking is: “What makes SKY ECC so secure?”
Security from the ground up
Beyond our awesome programmers and engineers, what makes SKY ECC so secure is our commitment to start secure and stay secure throughout the product architecture.
- Start with secure devices that have tamper resistant hardware modules
- Secure the device at its root level
- Install the app within a secure container on the device. Putting a cryptographic barrier between SKY ECC and everything else on the device
- BlackBerry UEM and the BlackBerry Infrastructure establish a mutually authenticated TLS connection that uses 256-bit AES to protect the data in transit
- 2048-bit SSL connection to SKY ECC private servers
- Sender/receiver metadata wrapped in 256-bit AES
- Message encrypted with 521-bit elliptic-curve cryptographic (ECC) algorithm
- Secure the app with our proprietary brute force password protection
SKY ECC is the only secure messaging app completely protected from brute force attacks. You might be able to brute force your way into the device, but with SKY ECC—it’s locked down tight. Most of all though, the most secure part of SKY ECC is that it’s easy to use. One of the biggest problems in the ultra-secure messaging space, is apps and services that are hard to use and have poor user experience. SKY ECC is simple, intuitive, and punches way above its weight class feature for feature with other secure apps‚—and you’ll enjoy using it. A secure messaging app you don’t use isn’t helping you stay secure.