whiteCryption Now Supports the Swift Programming Language

Ever since Apple introduced the Swift programming language in 2014, the language has seen increasing success in developer adoption. It is now number 12 in the TIOBE Index as of February 2017, rising a full 4 positions from number 16 in February 2016. This is impressive, especially considering the languages ranked above Swift have all been around for over 15 years, giving them a greater head start in building the tools and training environments needed to support a programming language.

Intertrust is happy to announce that as of spring 2017, our whiteCryption software tampering resistance product line will be adding Swift to the list of supported programming languages. With Swift support, not only will iOS app developers be able to deter bad actors through our code obfuscation and FIPS 140-2 validated white-box cryptography technologies, but Apple TV (tvOS) app developers as well. Welcome aboard!

RSA Conference 2017: How You Can Self-Defend Your Apps

The staggering numbers don’t lie. According to the 2016 Mobile App Security Report, in 2016, the average organizational cost for data breaches was $7.01 million in the U.S. Financial, health and service organizations experienced a high, abnormal churn following a data breach, evidencing the loss of customer trust. Given the sheer amount of compromised, possibly even life-threatening data, should you even have to choose app security? Or should it already be a necessary component of your organization’s go-to-market strategy?

Stop by our booth at RSA, #N4334 in the North Hall, where we will be showcasing our mobile app security solution. Here is a preview of what you will experience:

  • Obfuscation at the source code level.
  • Robust white-box implementation.
  • Keys always encrypted.
  • Simple configuration and easy-to-use GUI.

These key benefits, along with others, are why we were recently honored as a finalist in Info Security Products Guide’s Global Excellence Awards in the Application Security Product Suite category! The awards recognize security vendors with advanced groundbreaking products and solutions that are helping set the bar higher for others in all areas of security and technologies.

Our offering is unique in that we are truly multi-purpose and cross-platform. That means you can leverage our solution on mobile, desktop, firmware, and embedded – ensuring an added layer of protection for your apps wherever they’re installed. We also have two components: Code Protection, which prevents reverse engineering and tampering with application obfuscation, and Secure Key Box, an innovative white-box library that protects crypto keys in sensitive software. Together, they work to prevent hacks, bad press, angry customers, and loss of revenue.

If you’re going to RSA and you’re interested in learning more, don’t hesitate to contact us for a one-on-one meeting via email. We’re excited and hope to see you there!

Stay secure,

The whiteCryption Team

Introducing a Hack for Good

With all of the news about the wide variety of nefarious hacks committed around the world by bad actors, we’re happy to introduce an event in Mumbai, India focused on hacking for good. Called Hack for Change, this event invites students and recent graduates around Mumbai to gather together on January 8, 2017 to put their skills to work developing solutions impacting healthcare for the elderly, creating smart villages, as well as improving air quality and food security. The event is sponsored by a number of organizations including Intertrust, Moonshot Accelerator, Kiora, IIT Bombay’s The Web and Coding Club, Planet OS, the media technology platform company YourStory, Hyatt Regency and the Garage co-working space. Not only will the hackers get a chance to create some tech for good, they will also be able to win some cash prizes. First place receives INR 50,000 ($736) plus four dinner vouchers at the Hyatt Regency Mumbai, second place INR 25,000 ($368) and third INR 10,000 ($147). Participants can also join a raffle for a weekend stay at the Hyatt Regency Mumbai. Most importantly, we are looking forward to seeing a number of innovative ideas with the potential to change India, and for that matter the world, for the better.

Twelve Significant Security Stats of 2016

A new year; 2017 is here! We’ve had an abundance of blessings last year (a few days ago), helped by our supporters, partners, and customers. And we were happy to have the opportunity to meet everyone at RSA, Black Hat, the Gartner conferences, and other events. This year, our new year resolutions are to continue to nurture our current relationships and to forge new ones – especially with those who are looking to secure their apps and who want to avoid being another cyberattack statistic.

Speaking of statistics…in case you missed our #12hacksofChristmas, we’ve got them here. After some long, hard hours of research, we’ve compiled a list of the top 12 security stats that might sound off warning bells and bring out the security side in you. And without further ado:

Hack #1: Mobile app hacks and breaches will reach $1.5 billion by 2021.

Hack #2: Mobile phone sales will reach 2.1 billion units by 2019; that’s a lot of phone apps that can be hacked.

Hack #3: $34 million is spent annually on mobile app development; only $2 million is spent on security.

Hack #4: Mobile security includes physical threats, network threats, malware and vulnerabilities.

Hack #5: There will be an estimated 26 percent probability of a data breach involving 10,000 records or more by mid-2018.

Hack #6: The average data breach organizational cost in 2016 was over $7 million in the U.S.

Hack #7: Over the last four years, there has been a 188 percent increase in the number of Android vulnerabilities.

Hack #8: Over the last four years, there has been a 262 percent increase in the number of iOS vulnerabilities.

Hack #9: Recently, Android malware has become stealthier.

Hack #10: An estimated 1.6 zettabytes of censored #IoT data in 2020 will create easy targets for cybercriminals.

Hack #11: Remote control of electronic locks, thermostats, ovens, sprinklers and motion sensors has created new vulnerabilities in #IoT.

Hack #12: 57 percent of non-mobile-banking users say mobile banking is unsafe.

Not quite satisfied with these teasers and curious for the full scoop on the mobile market, the Four Horsemen of mobile security, and steps developers can take to secure apps? Click here to download the full 2016 State of Mobile Security Report.

Thanks again for being a part of our crusade against cybercrime.

Until next time,

The whiteCryption Team

Connected Car Security – Three Ways to Prevent Class Breaks

Depending on where you live, driving a vehicle can be challenging. Road construction, traffic, detours, and congestion all add to the complexities of getting from point A to point B. And while today’s automobiles are rife with luxuries that make your time behind the wheel a bit more pleasant, there are also any number of hidden amenities that can deliver a driving experience a bit more than you bargained for.

Take MirrorLink, for example. According to a ScienceDaily article, a group of students and professors from NYU Tandon School of Engineering and George Mason University discovered some serious vulnerabilities in MirrorLink. Representing 80 percent of the global automakers, the Connected Car Consortium created MirrorLink as a standard protocol for smartphone communication with a car’s in-vehicle infotainment system (IVI). While some automakers disable MirrorLink in favor of their own IVI solution, it’s still installed and able to be enabled for good or bad.

The researchers were able to do just that in a 2015 model vehicle they purchased for their experiments. Using only information available to the public – including much-watched YouTube videos – they were able to enable MirrorLink and access vehicle safety equipment controls such as anti-lock brakes.

It was only last year when NBC News featured a hacker who was able to gain access to a Jeep through Bluetooth vulnerabilities and actually steer and brake the vehicle. While connectivity and conveniences are a driver’s dream, they have the potential to be a complete nightmare as well. Beyond data leaks and malware, the potential for systematic hacks that can actually subvert a car’s control systems and brakes is now an unfortunate reality.

Earlier this year, the FBI and the National Highway Traffic Safety Administration (NHTSA) warned that the increased use of computers in motor vehicles posed an increasing risk for cyberattacks. Specifically, the increased use of electronic control units (ECUs) that control any number of vehicle functions such as steering, braking, acceleration, lights, windshield wipers, and other wireless functionality such as keyless entry and ignition control provide possible entry points for hackers looking to wreak havoc with a driver and their vehicle.

Given this new reality, the question that needs to be answered is: how can car manufacturers reduce the potential for data leaks and potentially more serious attacks?

The answer is that devices need to be ‘hardened’ to resist attacks on sensor technologies found in vehicles (and many other IoT technologies). To secure connected devices such as vehicles, there needs to be protection against class breaks – those attacks that if successfully engineered on one software instance, can be applied to other instances of the same software. The following three security schemes are available to manufacturers:

  1. Software diversification is a leading protection technique against class breaks. It significantly increases the time and cost of attacking an installed base of protected applications. Essentially, the attacker must crack each copy of the application. For this reason, software diversification should be a de facto means to protect software applications that are distributed in large numbers to consumer devices, such as desktop computers, mobile devices, and game consoles.

    There are two types of software diversification – data and code. Applications containing cryptographic operations should employ at least one, but preferably both, types of software diversification.
  2. Data diversification is a relatively simple method that enhances protection against class breaks. With this method, certain embedded data values referenced by the program code vary among different instances of the same application. For example, this data value could be a key that encrypts a database stored on a device, or that encrypts other keys imported into the application. If a hacker manages to extract the key from a particular application instance, he would not be able to use that key to decrypt the secrets of other application instances.

    To use data diversification, unique and “personalized” data values have to be injected into the binary image during code compilation or deployment.
  3. Code diversification is a much more sophisticated and robust (and usually, costlier) protection against class breaks than data diversification. With this method, binary instructions vary between different instances, or between separate sets of instances. Code diversification is typically a result of applying in-house or vendor-supplied tamper-resistance techniques. This may include code obfuscation, instruction set randomization, integrity protection, anti-debug and anti-dumping techniques, code signing, or virtualization. In most cases, for the sake of performance and simplicity, it is enough to diversify just the sensitive parts of the program code (like the cryptographic routines), but in other cases, the protection can benefit from diversifying the whole executable.
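
The data diversification step described in the list above can be sketched as a deployment-time personalization tool. This is an added example, not whiteCryption code: the key slot marker, the master secret, the instance IDs and the HKDF-based derivation are all assumptions, and the HMAC-based `seal`/`unseal` pair stands in for a real authenticated cipher.

```python
import hashlib
import hmac
import os

# Constructed 32-byte marker the build reserves for the per-instance key.
PLACEHOLDER = b"@@KEYSLOT@@".ljust(32, b"#")


def derive_instance_key(master_secret: bytes, instance_id: str) -> bytes:
    """HKDF-SHA256 (RFC 5869), one output block: a 32-byte key per instance."""
    prk = hmac.new(b"diversification-salt", master_secret, hashlib.sha256).digest()
    return hmac.new(prk, instance_id.encode() + b"\x01", hashlib.sha256).digest()


def personalize(image: bytes, master_secret: bytes, instance_id: str) -> bytes:
    """Deployment step: overwrite the reserved slot with this instance's key."""
    if image.count(PLACEHOLDER) != 1:
        raise ValueError("expected exactly one key slot in the image")
    return image.replace(PLACEHOLDER, derive_instance_key(master_secret, instance_id))


def embedded_key(image: bytes, slot_offset: int) -> bytes:
    """The value the running instance reads, and what a dump of it exposes."""
    return image[slot_offset:slot_offset + 32]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for a real cipher's keystream."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under two subkeys of the instance key."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a key from another instance fails here."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong instance key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


if __name__ == "__main__":
    # Constructed image template and secrets, for illustration only.
    template = b"\x7fELF-constructed" + PLACEHOLDER + b"-code"
    slot = template.index(PLACEHOLDER)
    master = b"constructed-build-server-secret"
    unit_a = personalize(template, master, "unit-0001")
    unit_b = personalize(template, master, "unit-0002")
    blob_b = seal(embedded_key(unit_b, slot), b"trip log for unit-0002")
    print(unseal(embedded_key(unit_b, slot), blob_b))
    try:
        unseal(embedded_key(unit_a, slot), blob_b)
    except ValueError as err:
        print("key taken from unit-0001 is useless against unit-0002:", err)
```

The master secret stays on the build or provisioning server; each shipped image carries only its own derived key, so recovering one key does not reveal the keys of other instances.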

It will only take one data breach or hack to a vehicle that results in a serious accident to wake up automobile manufacturers and drivers that a better, more secure security solution is needed.

In Recognition of the ADL

Intertrust is proud to support the Anti-Defamation League’s (ADL) 2016 Annual Gala Celebration and the organization’s important work in protecting civil rights. The honorees being celebrated this year, Curtis and Priscilla Tamkin and Gary Roberts, are people dedicated to furthering the causes of the ADL. Intertrust congratulates them on their well-earned recognition.

We’ve been nominated for the Cybersecurity Excellence Awards!

We’re excited to announce that we’ve been nominated for the 2017 Cybersecurity Excellence Awards (in the application security category)! The awards serve to recognize cybersecurity defenders who have dedicated an enormous amount of time and energy to protecting Internet users.

As a provider of the strongest application security on the market, excellence is our middle name. Succinctly put, our Cryptanium™ solution prevents reverse engineering and tampering, damage to your reputation and loss of revenue, and ultimately secures your apps from threats.

Not only do we work tirelessly to secure millions of user applications, we also do so at the source code level as opposed to the binary level, which hackers can more easily bypass. In addition, we have certifications that our competitors lack – namely, Cryptanium is the only white-box crypto library in the industry that is FIPS 140-2 certified. This certification assures companies like yours that whiteCryption has gone through rigorous testing and meets the highest level of security standards.

Our solution comprises two components – Code Protection (CP) and Secure Key Box (SKB). Code Protection protects the integrity of your apps by automatically inserting hundreds of overlapping integrity checkers into the code. This functionality, along with other features, protects your apps from reverse engineering and attacks.

The other security component, SKB, is an advanced white-box library that is designed to protect your crypto keys in sensitive software. Excluding SKB would leave keys vulnerable to hackers.

Whether you are a valuable customer or partner of ours, or think we provide the strongest app security in the industry, don’t hesitate to cast your vote for us. To vote, simply click here and give us a thumbs up!

Stay safe,

The whiteCryption Team

Growing the Chinese Media Market

At Intertrust’s fourth annual summit event in Beijing, content industry luminaries from China, the US and Europe gathered together for a dialogue on how all participants can work together to grow the legitimate media market in China for both the Chinese and overseas content producers. At the event, Talal Shamoon, Intertrust’s CEO, noted that the way to make this happen is to expand content protection to cover the end-to-end video distribution cycle while helping local service providers create attractive experiences for their audiences. “We need to respect local rules and distribution norms and bring entertainment to the doorstep of every consumer,” said Shamoon.

One of the drivers of this cooperation is, of course, the ever-expanding size of the Chinese entertainment market, particularly in the OTT (over-the-top) video market. In 2015, Chinese OTT revenues were over 40 billion RMB ($5.9 billion US, iResearch), an increase of 61.2% year to year. While 23.1 billion RMB ($3.4 billion US) of revenue was driven by advertising-based monetization, user-paid video services brought in 5.13 billion RMB ($761 million US), an increase of 270.3% year to year.

While the event featured presentations from executives from 21st Century Fox, Sony Pictures and Universal Pictures, much of the discussion really focused on how Chinese distributors and content producers are introducing new services for distributing local content while integrating content protection. One example is Ruyi Films. Ruyi Films not only produces original movie and television content; it has invested in its own Internet video distribution platform called Pumkin Movie for both local and overseas content. Using ExpressPlay and Marlin DRM to protect content, Ruyi is the second fastest growing new media platform in China with over 3 million registered users and growing by an average of 25,000 users per day.

Much of the discussion from the Hollywood side was focused on technologies, notably in production, distribution and content protection, needed to support the next generation of UHD (ultra-high definition, also known as 4K) and HDR (high dynamic range) video now coming on to the market. The Chinese market is already working actively to make these and other advanced OTT video experiences a reality. ExpressPlay has already announced it is working with Civolution to integrate their NextGuard session-based video watermarking solution to support Hollywood initiatives to roll-out UHD/HDR content as well as early-window video on demand movie release in the Chinese market.

Beyond watermarking, the importance of hardware security measures was also stressed, such as implementation of HDCP (high-bandwidth digital content protection) 2.2 for the HDMI (high-definition multimedia interface) output, again something which ExpressPlay supports as part of the ExpressPlay UHD offering. At the event, Rambus, whose security solution is used in the ExpressPlay UHD service, discussed some details of its technologies and how they are used to protect UHD content in connected TVs.

The overseas contingent was not just talking about content protection, however. Alberto Sigismondi, the CEO of the Italian digital satellite and OTT service provider Tivù, talked about how Tivù’s success in the Italian market was built on their platform composed of open standards, including Marlin DRM and MPEG-DASH, with HbbTV support coming up. Tivù’s free-to-air digital TV has been adopted by over 2.9 million households, over 10% of the Italian market, and was the first in Europe to broadcast encrypted UHD content. Thanks to the open platform approach, tivùon!, Tivù’s OTT service, launched in July 2016, is available on more than 3 million devices in the Italian market.

Intertrust also brought up another important subject: monetization. With the strength of the mobile device market in China and video services on those devices, Intertrust’s CTO Dave Maher introduced Personagraph, Intertrust’s mobile audience segmentation solution for mobile video advertising. Personagraph takes a wide variety of signals from sensors and software on mobile phones to create anonymous audience profiles for advertisers to target their messages to. Maher stressed several points. First, as more and more connected devices with sensors come online, there will be even more sensor data available for more accurate audience segmentation. Second, Personagraph’s technology allows it to reduce costs by not having to rely on 3rd party data that can be quite expensive. Third, there is a time in the near future where ad slots in video programming could be uniquely targeted to a consumer’s specific profile and context and auctioned to advertisers. In the fast-growing Chinese OTT market, such a system could make for lucrative advertising-supported OTT services benefitting both Chinese consumers and the entire industry.

AutoMobility LA 2016 – See you in Los Angeles!

What are the startups that are uprooting the status quo of the cybersecurity space in the connected car industry? What types of new rides will be making their big debuts? Ready to see live dancing monkeys climbing indoor palm trees and bird ladies at the kick off party?

Find out the compelling answers to these questions at AutoMobility LA (the first show of its kind), November 14-17. We are equally excited to be there with other leaders in the industry such as Ford and Maserati and ready to go full throttle in whiteCryption Booth #1011. Here’s what lies ahead of the open road for us at the show:

  • Giving you an exclusive demo of Cryptanium™.
  • Giving away Cryptanium™ mints (for when you want that extra boost).
  • Giving away remote-controlled 1/24 scale Lamborghini Veneno cars.
  • Showing you how to hack a car and prevention techniques.

Nowadays, connected cars, equipped with intuitive onboard sensors and Internet access, allow for real-time traffic info in navigation systems, detect blind spots, and even allow drivers to take a break from steering using autonomous technology.

Those are features that are sought after, but what if those very features serve as the gateway to cybercriminals tampering with your car? After all, these cars are connected to the cloud, which is still free territory unless you actively take steps to secure your car. So come stop by our booth in the Tech Pavilion – we’ll be there on November 14-17 to show you how to secure your connected car apps.

See you there,

Your friends at whiteCryption

Happy Halloween! Beware of ghouls, vampires and…cyberthreats?

October is an exciting month – not only is Halloween just around the corner (filled with trick or treaters, costume parties, and haunted attractions!), but it’s also Cyber Security Awareness Month.

As with Halloween activities, where safety should be a first priority, Cyber Security Awareness Month is designed to bring attention to the importance of protecting the public from cybersecurity threats. Whether you are a casual Internet user or an app creator, a dark web of malicious activities runs rampant. Recent malevolent threats include AtomBombing, which affects millions of PCs by using code injection to access sensitive data such as encrypted passwords and by taking screenshots without your permission. Another big bad wolf of cyberthreats can quite literally put your life at risk when behind the wheel of your car. These threats are a new breed that comes with the luxury of interconnected systems – car hacks. Engine, transmission controls and navigation systems can all be compromised because attackers no longer need physical access to the autonomous car.

Scary, right? There is, however, an action you can take that will stop mobile application threats in their tracks. Cryptanium™, a leading suite of code protection tools, adds an extra layer of security to apps, rendering them tamper-proof and protecting against:

  • Reverse engineering.
  • Manipulated apps.
  • Stolen keys and ideas.

Get app security-ready with us, not just on Halloween, but every day. Try Cryptanium now!

All the best and have a Happy Halloween,

Your friends at whiteCryption